File name:

instspeedfan452.exe

Full analysis: https://app.any.run/tasks/2b7a931b-0316-4c72-803e-1a4423345016
Verdict: Malicious activity
Analysis date: November 21, 2023, 03:50:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

9B62520616B647979AD053DFFA80311C

SHA1:

BABEB8BDD47D51E5BB7F66B9197AA0A1B9F3A2AA

SHA256:

E2CCB3C0D23F0D04EE8057F5CE3861EEA952FB20694C1656C9805B1D4CD922FF

SSDEEP:

49152:pJAZvThICXI+X/w5zcnTdSljPWHb59XUmisH5VdEPF63gO8FsAA:pJAZvThIqXqzYTYLWnisP2PF63gxtA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Creates a writable file in the system directory

      • instspeedfan452.exe (PID: 3472)

    • Drops the executable file immediately after the start

      • instspeedfan452.exe (PID: 3472)

  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • instspeedfan452.exe (PID: 3472)

  • INFO

    • Reads the computer name

      • instspeedfan452.exe (PID: 3472)

    • Checks supported languages

      • instspeedfan452.exe (PID: 3472)

    • Create files in a temporary directory

      • instspeedfan452.exe (PID: 3472)

    • Creates files in the program directory

      • instspeedfan452.exe (PID: 3472)

    • Creates files or folders in the user directory

      • instspeedfan452.exe (PID: 3472)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:41+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 120832
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start instspeedfan452.exe instspeedfan452.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3460"C:\Users\admin\AppData\Local\Temp\instspeedfan452.exe" C:\Users\admin\AppData\Local\Temp\instspeedfan452.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\instspeedfan452.exe
c:\windows\system32\ntdll.dll
3472"C:\Users\admin\AppData\Local\Temp\instspeedfan452.exe" C:\Users\admin\AppData\Local\Temp\instspeedfan452.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\instspeedfan452.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events
718
Read events
718
Write events
0
Delete events
0

Modification events

No data
Executable files
6
Suspicious files
8
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
3472instspeedfan452.exeC:\Program Files\SpeedFan\speedfan.chmbinary
MD5:DD66CFCC239E913FAAE6930411039F24
SHA256:0DCE2AEBEEA31AE843BB90E6BC1C744E3CF5267A032F930CC80B72E673CE8F0C
3472instspeedfan452.exeC:\Windows\system32\giveio.sysexecutable
MD5:77EBF3E9386DAA51551AF429052D88D0
SHA256:94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276
3472instspeedfan452.exeC:\Program Files\SpeedFan\speedfan.exeexecutable
MD5:2EC7B1B5E9FDDBA22B4F426170E4C834
SHA256:4E9F8F2C3528BEC9BA78985D8473BCB3BE50E28C4C27363333FDA80DE9649F94
3472instspeedfan452.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnkbinary
MD5:F3ABD7E65E7F930E2CB054F30BF74CD2
SHA256:5669BADD6169105FCA04C04737173A03C3E415A41363D35B2A8269100A2950BC
3472instspeedfan452.exeC:\Users\admin\AppData\Local\Temp\initdebug.nfotext
MD5:FD7E2F2A576F1C9CC3C1B1C80A11108D
SHA256:7D2AB952103F5EA104299C6A474C33A6617B260BB6D2ADE225410EB43E3FC4CA
3472instspeedfan452.exeC:\Windows\system32\initdebug.nfotext
MD5:EE0E1E996D17F5AFBD59A1E6A8D2AEB2
SHA256:1C18F678F8B5C4CB71FFF0A4F1EE1DEE3F7346638DDC8D1810263FDE7DE19259
3472instspeedfan452.exeC:\Program Files\SpeedFan\configs.zipcompressed
MD5:68BE3E4D029FE0A8257BC172EFC4BF16
SHA256:2463B8FB7B46A88A90821A4112717BBB366C02843A16887FAEEBB54852CFB80D
3472instspeedfan452.exeC:\Program Files\SpeedFan\sfextra.dllexecutable
MD5:DC096997EDFBDF22B160D3EA272711CD
SHA256:5C9A6055049361F3F691F075FF70B547B7CD4A72ECAFF81F4390D1E03C389511
3472instspeedfan452.exeC:\Users\admin\AppData\Local\Temp\sfextra.dllexecutable
MD5:DC096997EDFBDF22B160D3EA272711CD
SHA256:5C9A6055049361F3F691F075FF70B547B7CD4A72ECAFF81F4390D1E03C389511
3472instspeedfan452.exeC:\Program Files\SpeedFan\pciidsdata.csvbinary
MD5:A360FD38A30A93AE8CCED192DBA5D5A5
SHA256:1C1A334D486CF7591069D947282091545A4302C81935A7833FF909C5B3B75DDF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
instspeedfan452.exe