File name: Space-Cadet-3D-Pinball_Win_EN (1).exe

Full analysis: https://app.any.run/tasks/b36ea874-53ee-4795-a279-52b2b8316c8c
Verdict: Malicious activity
Analysis date: January 02, 2024, 20:25:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2670A7ECDAB26460F5217FFE43BA4279
SHA1: ABA3DCEF1088FBC5D19D91D01DA5B034F1B0F08D
SHA256: D479594426E1BEC7A2A628717E10DCC171D6A68BFBD8E323FCBE3A04A605FFDB
SSDEEP: 24576:qtz3DAsFGebJwXx8+FA5lOnf9DBVkjyQft1EsW3rnkZKIdIRBhEsc1IR9wsIFK8G:6D6Xy+FASf90jtt1EsW3j+VEBcbO3Qa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Reads Internet Explorer settings
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Reads the Internet Settings
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
  • INFO
    • Reads the computer name
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
      • pinball.exe (PID: 1824)
    • Drops the executable file immediately after the start
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
    • Checks supported languages
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
      • pinball.exe (PID: 1824)
    • Application launched itself
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Checks proxy server information
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Reads the machine GUID from the registry
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Creates files in the program directory
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
    • Creates files or folders in the user directory
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
    • Manual execution by a user
      • pinball.exe (PID: 1824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:03:15 07:27:58+01:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 49152
InitializedDataSize: 129536
UninitializedDataSize: -
EntryPoint: 0x913f
OSVersion: 5
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → space-cadet-3d-pinball_win_en (1).exe (no specs) → space-cadet-3d-pinball_win_en (1).exe → pinball.exe (no specs)

Process information

PID: 128
CMD: "C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (Images):
c:\users\admin\appdata\local\temp\space-cadet-3d-pinball_win_en (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1608
CMD: "C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe" -el -s2 "-dC:\Program Files\Microsoft Games\Pinball" "-p" "-sp"
Path: C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe
Parent process: Space-Cadet-3D-Pinball_Win_EN (1).exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\users\admin\appdata\local\temp\space-cadet-3d-pinball_win_en (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1824
CMD: "C:\Program Files\Microsoft Games\Pinball\pinball.exe"
Path: C:\Program Files\Microsoft Games\Pinball\pinball.exe
Parent process: explorer.exe
User: admin
Company: Cinematronics
Integrity Level: MEDIUM
Description: 3D Pinball
Exit code: 0
Version: 5.1.2600.5512 (xpsp.080413-2105)
Modules (Images):
c:\program files\microsoft games\pinball\pinball.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 1 567
Read events: 1 555
Write events: 12
Delete events: 0

Modification events

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 1
Suspicious files: 66
Text files: 2
Unknown types: 0

Dropped files

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\PINBALL2.MID | Type: binary
MD5: 3C07211C52F4C6F46FD28C41116F9740
SHA256: 9F575C7E2B0AF4802B25281A29541455F5C03E810CC5016226F93746358C0169

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND5.WAV | Type: wav
MD5: F287CD3E87EB2B04CB77B44220563862
SHA256: E0D2932BDF94581CCB0B5C38421755299DB01D0F594F59C5696C1F466AC86D06

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND4.WAV | Type: binary
MD5: 72AFE9567FDACF01253F643C7F28155C
SHA256: 83EF8FA7563A5EF1E2D138E7F4878CE0CAC0BF74E17251910C2237E355115DF0

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND6.WAV | Type: binary
MD5: C7E272838C96E946BB567E0A9B28D244
SHA256: 75302E43A7C17AD28C2453921B205F3F5F33D51AB2C2D591B562B878AC77AE6B

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND9.WAV | Type: wav
MD5: AD7C448E7BBBF279C433DE56B0BF6664
SHA256: 2B48A5C3BA88B0AF5B8ABC2A833E2D36D63EE4CEAE893B396481884EED931AA1

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND3.WAV | Type: binary
MD5: 14B38461342EEFC9C54BBC7F6D445156
SHA256: 81832BC5B34359BC87173DC234CBB30EA23AA541814809AD16EB1BA9BD7335AF

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND18.WAV | Type: wav
MD5: 400442C6289E5F757FC6444F49DC728A
SHA256: 12C46563839B43EA562D7ED581B0EE20E8069F3109435EF33A72E24F429E6336

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND21.WAV | Type: binary
MD5: 052A743AEC1B7BEAF7159B8F2A8A368F
SHA256: 2029FDFF1153308E251D9C12C4EED3904147E3940FD01549814CD9672B849C42

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND19.WAV | Type: binary
MD5: C2AEDAF860EC7AFC8701473E1E399A71
SHA256: 297892C4FC6A854675E2243863A7B3F9BE9B7BA17CFDF6932DEEB6E5A9B78977

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND16.WAV | Type: wav
MD5: E41791BBCD5B895ECD909E45E718D3CD
SHA256: 4552EADA8E87C3C6DC448F61749AB10E218D786ADDF62D3ABC6DF982BDB4B17E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID  | Process     | IP                   | Domain | ASN | CN | Reputation
4    | System      | 192.168.100.255:137  | -      | -   | -  | whitelisted
4    | System      | 192.168.100.255:138  | -      | -   | -  | whitelisted
1080 | svchost.exe | 224.0.0.252:5355     | -      | -   | -  | unknown

DNS requests

No data

Threats

No threats detected
No debug info