File name: Space-Cadet-3D-Pinball_Win_EN (1).exe

Full analysis: https://app.any.run/tasks/b36ea874-53ee-4795-a279-52b2b8316c8c
Verdict: Malicious activity
Analysis date: January 02, 2024, 20:25:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2670A7ECDAB26460F5217FFE43BA4279
SHA1: ABA3DCEF1088FBC5D19D91D01DA5B034F1B0F08D
SHA256: D479594426E1BEC7A2A628717E10DCC171D6A68BFBD8E323FCBE3A04A605FFDB
SSDEEP: 24576:qtz3DAsFGebJwXx8+FA5lOnf9DBVkjyQft1EsW3rnkZKIdIRBhEsc1IR9wsIFK8G:6D6Xy+FASf90jtt1EsW3j+VEBcbO3Qa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Reads Microsoft Outlook installation path

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Reads Internet Explorer settings

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
  • INFO

    • Drops the executable file immediately after the start

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
    • Reads the computer name

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
      • pinball.exe (PID: 1824)
    • Checks supported languages

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
      • pinball.exe (PID: 1824)
    • Checks proxy server information

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Application launched itself

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Reads the machine GUID from the registry

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 128)
    • Creates files in the program directory

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
    • Creates files or folders in the user directory

      • Space-Cadet-3D-Pinball_Win_EN (1).exe (PID: 1608)
    • Manual execution by a user

      • pinball.exe (PID: 1824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:03:15 07:27:58+01:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 49152
InitializedDataSize: 129536
UninitializedDataSize: -
EntryPoint: 0x913f
OSVersion: 5
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> space-cadet-3d-pinball_win_en (1).exe (no specs) -> space-cadet-3d-pinball_win_en (1).exe -> pinball.exe (no specs)

Process information

PID: 128
CMD: "C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (Images):
c:\users\admin\appdata\local\temp\space-cadet-3d-pinball_win_en (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1608
CMD: "C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe" -el -s2 "-dC:\Program Files\Microsoft Games\Pinball" "-p" "-sp"
Path: C:\Users\admin\AppData\Local\Temp\Space-Cadet-3D-Pinball_Win_EN (1).exe
Parent process: Space-Cadet-3D-Pinball_Win_EN (1).exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\users\admin\appdata\local\temp\space-cadet-3d-pinball_win_en (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1824
CMD: "C:\Program Files\Microsoft Games\Pinball\pinball.exe"
Path: C:\Program Files\Microsoft Games\Pinball\pinball.exe
Parent process: explorer.exe
User: admin
Company: Cinematronics
Integrity Level: MEDIUM
Description: 3D Pinball
Exit code: 0
Version: 5.1.2600.5512 (xpsp.080413-2105)
Modules (Images):
c:\program files\microsoft games\pinball\pinball.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 1 567
Read events: 1 555
Write events: 12
Delete events: 0

Modification events

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (128) Space-Cadet-3D-Pinball_Win_EN (1).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 1
Suspicious files: 66
Text files: 2
Unknown types: 0

Dropped files

PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND4.WAV | Type: binary
MD5:72AFE9567FDACF01253F643C7F28155C
SHA256:83EF8FA7563A5EF1E2D138E7F4878CE0CAC0BF74E17251910C2237E355115DF0
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND7.WAV | Type: binary
MD5:0034D353BFDEFA03770C7596E9788393
SHA256:7A9ECEBE58055FE42C4AF7F9B3B319439F85C3CD745D1E245AD4DB19C0E34783
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND5.WAV | Type: wav
MD5:F287CD3E87EB2B04CB77B44220563862
SHA256:E0D2932BDF94581CCB0B5C38421755299DB01D0F594F59C5696C1F466AC86D06
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND12.WAV | Type: binary
MD5:E5123C98593AA610E794CE852AECEFAF
SHA256:9902227BB6CEDEDE8636C99688391D1A0A77428193E3A12DD7FB12401A598D5A
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND8.WAV | Type: binary
MD5:D8D44E1E37BE2DAA7C45275D99D023E1
SHA256:1C457B41C4B5F7A35E6B539CAEC28520515B297EB1E23069173E7CDC5C0AE61C
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND13.WAV | Type: binary
MD5:F2DCA9CA1B4008676D8E6A6C205BE905
SHA256:0F537E4C5C1B5C48185C9C02CFA101DAFAD9111D20BFBFC3AD4BFEFE82978818
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND14.WAV | Type: wav
MD5:6E16123605BE6EAD006DE652A7BFEE6B
SHA256:F6BD098350AD28571427AE7535DA76EC13DEF5A0D24CD33A4259FC93177861BF
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND19.WAV | Type: binary
MD5:C2AEDAF860EC7AFC8701473E1E399A71
SHA256:297892C4FC6A854675E2243863A7B3F9BE9B7BA17CFDF6932DEEB6E5A9B78977
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\SOUND16.WAV | Type: wav
MD5:E41791BBCD5B895ECD909E45E718D3CD
SHA256:4552EADA8E87C3C6DC448F61749AB10E218D786ADDF62D3ABC6DF982BDB4B17E
PID: 1608 | Process: Space-Cadet-3D-Pinball_Win_EN (1).exe | Filename: C:\Program Files\Microsoft Games\Pinball\PINBALL2.MID | Type: binary
MD5:3C07211C52F4C6F46FD28C41116F9740
SHA256:9F575C7E2B0AF4802B25281A29541455F5C03E810CC5016226F93746358C0169
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 1080 | Process: svchost.exe | IP: 224.0.0.252:5355 | Domain: - | ASN: - | CN: - | Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info