File name: melodyne-5.3.1.018-installer_vvz-xC1.exe

Full analysis: https://app.any.run/tasks/fae7f703-0ec5-4aa9-b374-034a060b0726
Verdict: Malicious activity
Analysis date: November 13, 2023, 03:39:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 5E490E1188B03B411E941B88BE7388E0
SHA1: 9767343DCC68A8D2C591A648F452593C2CC1BD0F
SHA256: C484600D6A850D0E45CC5B17BB5CD9ED9B95245AA707F2C0001D107411E248DE
SSDEEP: 24576:27FUDowAyrTVE3U5FmzVRKuPaJPfrT90eKc4cgFLNPfs8duMpmsDq:2BuZrEUgRKuwPH9RHgFLRdp/O

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • melodyne-5.3.1.018-installer_vvz-xC1.exe (PID: 3448)
      • melodyne-5.3.1.018-installer_vvz-xC1.exe (PID: 3572)
      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
    • Reads settings of System Certificates

      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
  • INFO

    • Checks supported languages

      • melodyne-5.3.1.018-installer_vvz-xC1.exe (PID: 3448)
      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3156)
      • melodyne-5.3.1.018-installer_vvz-xC1.exe (PID: 3572)
      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
      • wmpnscfg.exe (PID: 3624)
    • Reads the computer name

      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3156)
      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
      • wmpnscfg.exe (PID: 3624)
    • Create files in a temporary directory

      • melodyne-5.3.1.018-installer_vvz-xC1.exe (PID: 3448)
      • melodyne-5.3.1.018-installer_vvz-xC1.exe (PID: 3572)
      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
    • Reads the machine GUID from the registry

      • melodyne-5.3.1.018-installer_vvz-xC1.tmp (PID: 3464)
      • wmpnscfg.exe (PID: 3624)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3624)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 18:10:23+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 6.44.2683.0
ProductVersionNumber: 6.44.2683.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softoníc International SA
FileVersion: 6.44.2683
LegalCopyright: ©2022 Softoníc International SA
OriginalFileName:
ProductName: Softoníc International SA
ProductVersion: 6.44.2683
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Processes in the graph, in start order:
  • melodyne-5.3.1.018-installer_vvz-xc1.exe (no specs)
  • melodyne-5.3.1.018-installer_vvz-xc1.tmp (no specs)
  • melodyne-5.3.1.018-installer_vvz-xc1.exe
  • melodyne-5.3.1.018-installer_vvz-xc1.tmp
  • wmpnscfg.exe (no specs)

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 3156
CMD: "C:\Users\admin\AppData\Local\Temp\is-8R7OJ.tmp\melodyne-5.3.1.018-installer_vvz-xC1.tmp" /SL5="$60134,875199,832512,C:\Users\admin\AppData\Local\Temp\melodyne-5.3.1.018-installer_vvz-xC1.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-8R7OJ.tmp\melodyne-5.3.1.018-installer_vvz-xC1.tmp
Parent process: melodyne-5.3.1.018-installer_vvz-xC1.exe
User: admin
Company: (none)
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 1
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-8r7oj.tmp\melodyne-5.3.1.018-installer_vvz-xc1.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 3448
CMD: "C:\Users\admin\AppData\Local\Temp\melodyne-5.3.1.018-installer_vvz-xC1.exe"
Path: C:\Users\admin\AppData\Local\Temp\melodyne-5.3.1.018-installer_vvz-xC1.exe
Parent process: explorer.exe
User: admin
Company: (none)
Integrity Level: MEDIUM
Description: Softoníc International SA
Exit code: 1
Version: 6.44.2683
Modules (images):
c:\users\admin\appdata\local\temp\melodyne-5.3.1.018-installer_vvz-xc1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3464
CMD: "C:\Users\admin\AppData\Local\Temp\is-SFER7.tmp\melodyne-5.3.1.018-installer_vvz-xC1.tmp" /SL5="$601FC,875199,832512,C:\Users\admin\AppData\Local\Temp\melodyne-5.3.1.018-installer_vvz-xC1.exe" /SPAWNWND=$501F6 /NOTIFYWND=$60134
Path: C:\Users\admin\AppData\Local\Temp\is-SFER7.tmp\melodyne-5.3.1.018-installer_vvz-xC1.tmp
Parent process: melodyne-5.3.1.018-installer_vvz-xC1.exe
User: admin
Company: (none)
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 1
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-sfer7.tmp\melodyne-5.3.1.018-installer_vvz-xc1.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 3572
CMD: "C:\Users\admin\AppData\Local\Temp\melodyne-5.3.1.018-installer_vvz-xC1.exe" /SPAWNWND=$501F6 /NOTIFYWND=$60134
Path: C:\Users\admin\AppData\Local\Temp\melodyne-5.3.1.018-installer_vvz-xC1.exe
Parent process: melodyne-5.3.1.018-installer_vvz-xC1.tmp
User: admin
Company: (none)
Integrity Level: HIGH
Description: Softoníc International SA
Exit code: 1
Version: 6.44.2683
Modules (images):
c:\users\admin\appdata\local\temp\melodyne-5.3.1.018-installer_vvz-xc1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3624
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll

Total events: 3 681
Read events: 3 662
Write events: 12
Delete events: 7

Modification events

Process: (3464) melodyne-5.3.1.018-installer_vvz-xC1.tmp
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (3624) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{E61F2836-56B3-4B08-A90B-F09F12873CA2}\{FFE9D7E0-E4BB-4A1A-B8C6-B400DF3E92F2}
Operation: delete key
Name: (default)
Value:

Process: (3624) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{E61F2836-56B3-4B08-A90B-F09F12873CA2}
Operation: delete key
Name: (default)
Value:

Process: (3624) wmpnscfg.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{198E0182-290A-42EC-9EA3-03409C947D4E}
Operation: delete key
Name: (default)
Value:

Process: (3464) melodyne-5.3.1.018-installer_vvz-xC1.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value: 1

Process: (3464) melodyne-5.3.1.018-installer_vvz-xC1.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value: 7C2005D7E21999A8D9BDFC6324FA8815526A6563FD52D78B2B9F9CC76A16EAEA

Process: (3464) melodyne-5.3.1.018-installer_vvz-xC1.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Owner
Value: 880D00000AFEA1F9E215DA01

Process: (3464) melodyne-5.3.1.018-installer_vvz-xC1.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete key
Name: (default)
Value:

Executable files: 3
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 3448
Process: melodyne-5.3.1.018-installer_vvz-xC1.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-8R7OJ.tmp\melodyne-5.3.1.018-installer_vvz-xC1.tmp
Type: executable
MD5: E6C28EB71E3839115F44ACBE4AB73729
SHA256: FE883C092E139F2A83C19AD272096B5F16B3794DA9D7B1E9401216AEBF079399

PID: 3464
Process: melodyne-5.3.1.018-installer_vvz-xC1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2630E.tmp\botva2.dll
Type: executable
MD5: 67965A5957A61867D661F05AE1F4773E
SHA256: 450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105

PID: 3572
Process: melodyne-5.3.1.018-installer_vvz-xC1.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-SFER7.tmp\melodyne-5.3.1.018-installer_vvz-xC1.tmp
Type: executable
MD5: E6C28EB71E3839115F44ACBE4AB73729
SHA256: FE883C092E139F2A83C19AD272096B5F16B3794DA9D7B1E9401216AEBF079399

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 2588
Process: svchost.exe
IP: 239.255.255.250:1900
Reputation: whitelisted

PID: 3464
Process: melodyne-5.3.1.018-installer_vvz-xC1.tmp
IP: 18.66.107.32:443
Domain: ds0ipd79cknej.cloudfront.net
ASN: AMAZON-02
CN: US
Reputation: unknown

DNS requests

Domain: ds0ipd79cknej.cloudfront.net
IP:
  • 18.66.107.32
  • 18.66.107.82
  • 18.66.107.117
  • 18.66.107.145
Reputation: unknown

Threats

No threats detected
No debug info