File name:

audacity-win-3.4.2-64bit.exe

Full analysis: https://app.any.run/tasks/75670833-d02e-49c0-a8a2-a4406ab4006f
Verdict: Malicious activity
Analysis date: March 22, 2024, 13:52:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

DDA7CCE108C6076089C3E025D2E64BF2

SHA1:

4307BA2BA0CB46A737AE8A8C83425CDC9B55E56E

SHA256:

D7BD5AE775DB9E42DA6058DA4A65A8F898A46CE467D9F21585084566213C36BF

SSDEEP:

98304:Y+cD4dnaT4ReD14eFCZyZQeWagHynK0H1J3dlBnuxVCRq0xfGGfq1J3NXWBEjoXD:WAQAfgM0Re+RGoZ+RKKqdC++A9uE5z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • audacity-win-3.4.2-64bit.exe (PID: 1692)
      • audacity-win-3.4.2-64bit.exe (PID: 1496)
      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • audacity-win-3.4.2-64bit.exe (PID: 1692)
      • audacity-win-3.4.2-64bit.exe (PID: 1496)
      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • Reads the Windows owner or organization settings

      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • Process drops legitimate windows executable

      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • The process drops C-runtime libraries

      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • Non-standard symbols in registry

      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
  • INFO

    • Checks supported languages

      • audacity-win-3.4.2-64bit.tmp (PID: 2860)
      • audacity-win-3.4.2-64bit.exe (PID: 1692)
      • audacity-win-3.4.2-64bit.exe (PID: 1496)
      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • Create files in a temporary directory

      • audacity-win-3.4.2-64bit.exe (PID: 1692)
      • audacity-win-3.4.2-64bit.exe (PID: 1496)
    • Reads the computer name

      • audacity-win-3.4.2-64bit.tmp (PID: 2860)
      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • Creates files in the program directory

      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
    • Creates a software uninstall entry

      • audacity-win-3.4.2-64bit.tmp (PID: 2064)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 213504
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.4.2.0
ProductVersionNumber: 3.4.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Audacity Team
FileDescription: Audacity 3.4.2 Setup
FileVersion: 3.4.2.0
LegalCopyright: Copyright © 2018. All rights reserved.
OriginalFileName:
ProductName: Audacity
ProductVersion: 3,4,2,0
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 4
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start → audacity-win-3.4.2-64bit.exe → audacity-win-3.4.2-64bit.tmp (no specs) → audacity-win-3.4.2-64bit.exe → audacity-win-3.4.2-64bit.tmp

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1496
CMD: "C:\Users\admin\Desktop\audacity-win-3.4.2-64bit.exe" /SPAWNWND=$F0130 /NOTIFYWND=$D0214
Path: C:\Users\admin\Desktop\audacity-win-3.4.2-64bit.exe
Parent process: audacity-win-3.4.2-64bit.tmp
User:
admin
Company:
Audacity Team
Integrity Level:
HIGH
Description:
Audacity 3.4.2 Setup
Exit code:
0
Version:
3.4.2.0
Modules
Images
c:\users\admin\desktop\audacity-win-3.4.2-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 1692
CMD: "C:\Users\admin\Desktop\audacity-win-3.4.2-64bit.exe"
Path: C:\Users\admin\Desktop\audacity-win-3.4.2-64bit.exe
Parent process: explorer.exe
User:
admin
Company:
Audacity Team
Integrity Level:
MEDIUM
Description:
Audacity 3.4.2 Setup
Exit code:
0
Version:
3.4.2.0
Modules
Images
c:\users\admin\desktop\audacity-win-3.4.2-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 2064
CMD: "C:\Users\admin\AppData\Local\Temp\is-TQF7K.tmp\audacity-win-3.4.2-64bit.tmp" /SL5="$1201B4,14705999,956416,C:\Users\admin\Desktop\audacity-win-3.4.2-64bit.exe" /SPAWNWND=$F0130 /NOTIFYWND=$D0214
Path: C:\Users\admin\AppData\Local\Temp\is-TQF7K.tmp\audacity-win-3.4.2-64bit.tmp
Parent process: audacity-win-3.4.2-64bit.exe
User:
admin
Company:
Audacity Team
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-tqf7k.tmp\audacity-win-3.4.2-64bit.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2860
CMD: "C:\Users\admin\AppData\Local\Temp\is-HF0UK.tmp\audacity-win-3.4.2-64bit.tmp" /SL5="$D0214,14705999,956416,C:\Users\admin\Desktop\audacity-win-3.4.2-64bit.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-HF0UK.tmp\audacity-win-3.4.2-64bit.tmp
Parent process: audacity-win-3.4.2-64bit.exe
User:
admin
Company:
Audacity Team
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-hf0uk.tmp\audacity-win-3.4.2-64bit.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 1 626
Read events: 1 589
Write events: 31
Delete events: 6

Modification events

(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value:
100800003C4B9C41607CDA01
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value:
FE5779CDC18AB555F6E971BB2383104EF51CC3539D60BF72CB157DADA3C16496
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value:
1
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value:
C:\Program Files\Audacity\Audacity.exe
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value:
EE708FBF7D41827B1105580C2A516E7BE0B4FC06160AE2680B4F5FD1414BBFE1
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation: write
Name: Inno Setup: Setup Version
Value:
6.2.2
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation: write
Name: Inno Setup: App Path
Value:
C:\Program Files\Audacity
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation: write
Name: InstallLocation
Value:
C:\Program Files\Audacity\
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation: write
Name: Inno Setup: Icon Group
Value:
(Default)
(PID) Process: (2064) audacity-win-3.4.2-64bit.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation: write
Name: Inno Setup: User
Value:
admin
Executable files: 232
Suspicious files: 127
Text files: 128
Unknown types: 19

Dropped files

PID
Process
Filename
Type
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\is-TM26M.tmp
Type: executable
MD5:567D37BDF13006E0618FD5779055AC11
SHA256:0A655168D6BF8FF68D537E8B2D4DC9C154BE6D74357DA33E02F161C6FF269956
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\FirstTime.ini
Type: text
MD5:95E15C085988C0B3A0435448B51E2198
SHA256:29E4D55E0C05BE59BCBC7606A5BDFB3DFA54DB83624323A72ABEC6800B8DB97D
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\is-46NDA.tmp
Type: text
MD5:95E15C085988C0B3A0435448B51E2198
SHA256:29E4D55E0C05BE59BCBC7606A5BDFB3DFA54DB83624323A72ABEC6800B8DB97D
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\is-CKEA1.tmp
Type: text
MD5:AF89B6DEF149203612F56EF0F3B6F5A1
SHA256:F6D3C12A6845004F3B8CD53A3CB09DF58F30CC920AFA98C380AA6FBD71B9A4DC
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\LICENSE.txt
Type: text
MD5:AF89B6DEF149203612F56EF0F3B6F5A1
SHA256:F6D3C12A6845004F3B8CD53A3CB09DF58F30CC920AFA98C380AA6FBD71B9A4DC
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\Audacity.exe
Type: executable
MD5:5E021C4DEB4F1481610C60ECEA0CCE07
SHA256:3A6149735BDA9300862E16241E48177AE695FA1FEB87E0DE4CE30F5B88A3C0A3
PID: 1496
Process: audacity-win-3.4.2-64bit.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-TQF7K.tmp\audacity-win-3.4.2-64bit.tmp
Type: executable
MD5:0EC2F9743E205F176351957D3CD2958C
SHA256:7611759F31404A0BAD9A5D50D40E3F26DED4425DE716EA86BBA3D45CCB66C0B3
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\is-ERPVS.tmp
Type: executable
MD5:5E021C4DEB4F1481610C60ECEA0CCE07
SHA256:3A6149735BDA9300862E16241E48177AE695FA1FEB87E0DE4CE30F5B88A3C0A3
PID: 1692
Process: audacity-win-3.4.2-64bit.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-HF0UK.tmp\audacity-win-3.4.2-64bit.tmp
Type: executable
MD5:0EC2F9743E205F176351957D3CD2958C
SHA256:7611759F31404A0BAD9A5D50D40E3F26DED4425DE716EA86BBA3D45CCB66C0B3
PID: 2064
Process: audacity-win-3.4.2-64bit.tmp
Filename: C:\Program Files\Audacity\crashpad_handler.exe
Type: executable
MD5:86B619CD0E562E2458E284672378BBDB
SHA256:B2CFA5938D4F4CDCD7858B323DA1C418391CF84C68FC699655C9B6D14B54593C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4, Process: System, IP: 192.168.100.255:137, Reputation: whitelisted
PID: 4, Process: System, IP: 192.168.100.255:138, Reputation: unknown
IP: 224.0.0.252:5355, Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info