File name: Setup Meter Tap 3 v1.0.4.exe

Full analysis: https://app.any.run/tasks/7e280321-a430-484a-8ca4-94ac9a8150bf
Verdict: Malicious activity
Analysis date: October 05, 2023, 11:36:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F06D58FAFB6C869853FAACFBA858D74E
SHA1: D0D72F869DC55672906B3C14DD1CBA6A4D6DA3B8
SHA256: C0FFF6B5B26F20AB79928BF2F05CB5CBACFE63604ABDD4A44C8CC7DDAF4C4705
SSDEEP: 98304:o0lukgDZXTKbXSO+PVnzuXgH/Fu1LmmWfjlpl7UaHnV7e:ef4

  • MALICIOUS

    • Loads dropped or rewritten executable

      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
    • Drops the executable file immediately after the start

      • Setup Meter Tap 3 v1.0.4.exe (PID: 3980)
      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
      • Setup Meter Tap 3 v1.0.4.exe (PID: 1164)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
  • INFO

    • Checks supported languages

      • Setup Meter Tap 3 v1.0.4.exe (PID: 1164)
      • Setup Meter Tap 3 v1.0.4.exe (PID: 3980)
      • wmpnscfg.exe (PID: 1372)
      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
      • Setup Meter Tap 3 v1.0.4.tmp (PID: 3244)
    • Reads the computer name

      • Setup Meter Tap 3 v1.0.4.tmp (PID: 3244)
      • wmpnscfg.exe (PID: 1372)
      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 1372)
    • Create files in a temporary directory

      • Setup Meter Tap 3 v1.0.4.exe (PID: 3980)
      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
      • Setup Meter Tap 3 v1.0.4.exe (PID: 1164)
    • Creates files in the program directory

      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
    • Application was dropped or rewritten from another process

      • Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
      • Setup Meter Tap 3 v1.0.4.tmp (PID: 3244)
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (45.2)
.dll | Win32 Dynamic Link Library (generic) (20.9)
.exe | Win32 Executable (generic) (14.3)
.exe | Win16/32 Executable Delphi generic (6.6)
.exe | Generic Win/DOS Executable (6.3)

EXIF

EXE

ProductVersion: 1.0.4
ProductName: Meter Tap 3
LegalCopyright: iZotope
FileVersion: 1.0.4
FileDescription: iZotope Meter Tap 3 Setup
CompanyName: iZotope
Comments: This installation was built with Inno Setup.
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 1.0.4.0
FileVersionNumber: 1.0.4.0
Subsystem: Windows GUI
SubsystemVersion: 5
ImageVersion: 6
OSVersion: 5
EntryPoint: 0x1181c
UninitializedDataSize: -
InitializedDataSize: 53760
CodeSize: 66560
LinkerVersion: 2.25
PEType: PE32
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
TimeStamp: 2018:06:14 15:27:46+02:00
MachineType: Intel 386 or later, and compatibles
No data.
Total processes: 41
Monitored processes: 5
Malicious processes: 4
Suspicious processes: 0

Behavior graph

[Behavior graph. Nodes: wmpnscfg.exe (no specs), setup meter tap 3 v1.0.4.exe (no specs), setup meter tap 3 v1.0.4.tmp (no specs), setup meter tap 3 v1.0.4.exe, setup meter tap 3 v1.0.4.tmp (no specs). Edge labels: drop and start, start, drop and start.]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 1372
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll

PID: 3980
CMD: "C:\Users\admin\AppData\Local\Temp\Setup Meter Tap 3 v1.0.4.exe"
Path: C:\Users\admin\AppData\Local\Temp\Setup Meter Tap 3 v1.0.4.exe
Parent process: explorer.exe
User: admin
Company: iZotope
Integrity Level: MEDIUM
Description: iZotope Meter Tap 3 Setup
Exit code: 0
Version: 1.0.4
Modules
Images
c:\users\admin\appdata\local\temp\setup meter tap 3 v1.0.4.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3244
CMD: "C:\Users\admin\AppData\Local\Temp\is-R3358.tmp\Setup Meter Tap 3 v1.0.4.tmp" /SL5="$1000FA,2170716,121344,C:\Users\admin\AppData\Local\Temp\Setup Meter Tap 3 v1.0.4.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-R3358.tmp\Setup Meter Tap 3 v1.0.4.tmp
Parent process: Setup Meter Tap 3 v1.0.4.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-r3358.tmp\setup meter tap 3 v1.0.4.tmp
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 1164
CMD: "C:\Users\admin\AppData\Local\Temp\Setup Meter Tap 3 v1.0.4.exe" /SPAWNWND=$90216 /NOTIFYWND=$1000FA
Path: C:\Users\admin\AppData\Local\Temp\Setup Meter Tap 3 v1.0.4.exe
Parent process: Setup Meter Tap 3 v1.0.4.tmp
User: admin
Company: iZotope
Integrity Level: HIGH
Description: iZotope Meter Tap 3 Setup
Exit code: 0
Version: 1.0.4
Modules
Images
c:\users\admin\appdata\local\temp\setup meter tap 3 v1.0.4.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 4036
CMD: "C:\Users\admin\AppData\Local\Temp\is-4DVKP.tmp\Setup Meter Tap 3 v1.0.4.tmp" /SL5="$D019E,2170716,121344,C:\Users\admin\AppData\Local\Temp\Setup Meter Tap 3 v1.0.4.exe" /SPAWNWND=$90216 /NOTIFYWND=$1000FA
Path: C:\Users\admin\AppData\Local\Temp\is-4DVKP.tmp\Setup Meter Tap 3 v1.0.4.tmp
Parent process: Setup Meter Tap 3 v1.0.4.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-4dvkp.tmp\setup meter tap 3 v1.0.4.tmp
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

Total events: 1 198
Read events: 1 189
Write events: 0
Delete events: 9

Modification events

Process: wmpnscfg.exe (PID: 1372)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{2C019454-9679-48A8-B357-8C1C4E21180A}\{1B503B80-DBD4-4071-A9AA-BDA9EB18AD69}
Operation: delete key
Name: (default)
Value:

Process: wmpnscfg.exe (PID: 1372)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{2C019454-9679-48A8-B357-8C1C4E21180A}
Operation: delete key
Name: (default)
Value:

Process: wmpnscfg.exe (PID: 1372)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{F16957CA-9D53-4A34-A09D-028BA49E56FC}
Operation: delete key
Name: (default)
Value:

Process: Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFilesHash
Value: 13F345877EA58AA15E0FF464EBC5C6D0A2E1D477A2E43F63F53A5650B39646DE

Process: Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFiles0000
Value: C:\Program Files\iZotope\Meter Tap 3\Win32\Meter Tap 3.dll

Process: Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value: 1

Process: Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value: 3CB16CD09D72CC7F594177F2CF6D1C62AC40E85D6B530825ABF2523F8D16FF41

Process: Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Owner
Value: C40F0000205F003280F7D901

Process: Setup Meter Tap 3 v1.0.4.tmp (PID: 4036)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete key
Name: (default)
Value:

Executable files: 11
Suspicious files: 2
Text files: 0
Unknown types: 0

Dropped files

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-GQ3KV.tmp\SKIN.CJSTYLES
Type: executable
MD5: 5F87CAF3F7CF63DDE8E6AF53BDF31289
SHA256: 4731982B02B067D3F5A5A7518279A9265A49FB0F7B3F8DC3D61B82A5359D4940

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\unins000.dat
Type: binary
MD5: 0BF97EBEC3E40DC717E9CE140FC50B45
SHA256: 6A95DAB24FA79B7E9A811ECA8B805FEBE75C192915A7DC5D5DA9F1D35F4C8E15

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\unins000.exe
Type: executable
MD5: 3F00754F899838C6EAF21660FA26BA41
SHA256: 874D6946F066981DB6BD48A77E955D5067588A3AEB0298C352E13031A335BB52

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\is-O1NVQ.tmp
Type: executable
MD5: 3F00754F899838C6EAF21660FA26BA41
SHA256: 874D6946F066981DB6BD48A77E955D5067588A3AEB0298C352E13031A335BB52

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-GQ3KV.tmp\R2RINNO.dll
Type: executable
MD5: 5DF8ADA84A16F5DFC24096EF90A5CE3A
SHA256: 48A9C8C332FDE541B571D9D522D0E37834B452F55AF8CBDC341B12222E78FB5B

PID: 3980
Process: Setup Meter Tap 3 v1.0.4.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-R3358.tmp\Setup Meter Tap 3 v1.0.4.tmp
Type: executable
MD5: 34ACC2BDB45A9C436181426828C4CB49
SHA256: 9C81817ACD4982632D8C7F1DF3898FCA1477577738184265D735F49FC5480F07

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\x64\Meter Tap 3.dll
Type: executable
MD5: D5A625B9D63F27700A7932B0E81714BB
SHA256: D97D42D7C30C7D45970A45AE1E64AD0BD8DBFBA640A688B719667C47FD27C62D

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\Win32\Meter Tap 3.dll
Type: executable
MD5: 2AD5241B099040AC68B3E400FA6305F8
SHA256: 8305D046FD4312CF1AA70061A81777813BF30364434807F95729590447173CB1

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\Win32\is-PROQ9.tmp
Type: executable
MD5: 2AD5241B099040AC68B3E400FA6305F8
SHA256: 8305D046FD4312CF1AA70061A81777813BF30364434807F95729590447173CB1

PID: 4036
Process: Setup Meter Tap 3 v1.0.4.tmp
Filename: C:\Program Files\iZotope\Meter Tap 3\x64\is-QDCJP.tmp
Type: executable
MD5: D5A625B9D63F27700A7932B0E81714BB
SHA256: D97D42D7C30C7D45970A45AE1E64AD0BD8DBFBA640A688B719667C47FD27C62D

HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 2656
Process: svchost.exe
IP: 239.255.255.250:1900
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info