File name:

audacity-win-3.5.1-64bit.exe

Full analysis: https://app.any.run/tasks/b59c565d-3b9e-4c35-9179-9f869db7176c
Verdict: Malicious activity
Analysis date: May 16, 2024, 14:21:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

65B8B69EFFE3A23DCEEA7497E9FC196D

SHA1:

8176CF59D1BA0564FA23501AD30C772234035081

SHA256:

E3D6691546CC57C27972FB3F233D626E3E4A362ECB00955D90C71B25EA0BC0C6

SSDEEP:

98304:D+cD4dnVTInv+mzKiIXyjZ6uAQPjF/yNWghZphTwTM/FENv0yrICsxo/XE4mYiPn:lqnwMh/MXF/I8VE0ywliurmUi7RjR/A+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • audacity-win-3.5.1-64bit.exe (PID: 3968)
      • audacity-win-3.5.1-64bit.exe (PID: 928)
      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • audacity-win-3.5.1-64bit.exe (PID: 928)
      • audacity-win-3.5.1-64bit.exe (PID: 3968)
      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

    • Reads the Windows owner or organization settings

      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

    • Process drops legitimate windows executable

      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

    • The process drops C-runtime libraries

      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

  • INFO

    • Create files in a temporary directory

      • audacity-win-3.5.1-64bit.exe (PID: 3968)
      • audacity-win-3.5.1-64bit.exe (PID: 928)

    • Checks supported languages

      • audacity-win-3.5.1-64bit.exe (PID: 3968)
      • audacity-win-3.5.1-64bit.tmp (PID: 3984)
      • audacity-win-3.5.1-64bit.exe (PID: 928)
      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

    • Reads the computer name

      • audacity-win-3.5.1-64bit.tmp (PID: 3984)
      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

    • Creates files in the program directory

      • audacity-win-3.5.1-64bit.tmp (PID: 1120)

    • Creates a software uninstall entry

      • audacity-win-3.5.1-64bit.tmp (PID: 1120)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 213504
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.5.1.0
ProductVersionNumber: 3.5.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Audacity Team
FileDescription: Audacity 3.5.1 Setup
FileVersion: 3.5.1.0
LegalCopyright: Copyright © 2024. All rights reserved.
OriginalFileName:
ProductName: Audacity
ProductVersion: 3,5,1,0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
4
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start audacity-win-3.5.1-64bit.exe audacity-win-3.5.1-64bit.tmp no specs audacity-win-3.5.1-64bit.exe audacity-win-3.5.1-64bit.tmp

Process information

PID
CMD
Path
Indicators
Parent process
928"C:\Users\admin\AppData\Local\Temp\audacity-win-3.5.1-64bit.exe" /SPAWNWND=$40130 /NOTIFYWND=$20138 C:\Users\admin\AppData\Local\Temp\audacity-win-3.5.1-64bit.exe
audacity-win-3.5.1-64bit.tmp
User:
admin
Company:
Audacity Team
Integrity Level:
HIGH
Description:
Audacity 3.5.1 Setup
Exit code:
0
Version:
3.5.1.0
Modules
Images
c:\users\admin\appdata\local\temp\audacity-win-3.5.1-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
1120"C:\Users\admin\AppData\Local\Temp\is-J5D3T.tmp\audacity-win-3.5.1-64bit.tmp" /SL5="$3013A,14974996,956416,C:\Users\admin\AppData\Local\Temp\audacity-win-3.5.1-64bit.exe" /SPAWNWND=$40130 /NOTIFYWND=$20138 C:\Users\admin\AppData\Local\Temp\is-J5D3T.tmp\audacity-win-3.5.1-64bit.tmp
audacity-win-3.5.1-64bit.exe
User:
admin
Company:
Audacity Team
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-j5d3t.tmp\audacity-win-3.5.1-64bit.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3968"C:\Users\admin\AppData\Local\Temp\audacity-win-3.5.1-64bit.exe" C:\Users\admin\AppData\Local\Temp\audacity-win-3.5.1-64bit.exe
explorer.exe
User:
admin
Company:
Audacity Team
Integrity Level:
MEDIUM
Description:
Audacity 3.5.1 Setup
Exit code:
0
Version:
3.5.1.0
Modules
Images
c:\users\admin\appdata\local\temp\audacity-win-3.5.1-64bit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
3984"C:\Users\admin\AppData\Local\Temp\is-7JFRD.tmp\audacity-win-3.5.1-64bit.tmp" /SL5="$20138,14974996,956416,C:\Users\admin\AppData\Local\Temp\audacity-win-3.5.1-64bit.exe" C:\Users\admin\AppData\Local\Temp\is-7JFRD.tmp\audacity-win-3.5.1-64bit.tmpaudacity-win-3.5.1-64bit.exe
User:
admin
Company:
Audacity Team
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-7jfrd.tmp\audacity-win-3.5.1-64bit.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
3 810
Read events
3 773
Write events
31
Delete events
6

Modification events

(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
60040000DAF8AF669CA7DA01
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
723CC2BDB32A0363C77EC1228246E3A6E167CD883B159343B8AD50F1D1DE1EFE
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\Audacity\Audacity.exe
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
74E516529222EAE38159F515DBAE4127C0962F5D7708985323B966EBC139013D
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.2.2
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\Audacity
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\Audacity\
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation:writeName:Inno Setup: Icon Group
Value:
(Default)
(PID) Process:(1120) audacity-win-3.5.1-64bit.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
Operation:writeName:Inno Setup: User
Value:
admin
Executable files
254
Suspicious files
25
Text files
122
Unknown types
123

Dropped files

PID
Process
Filename
Type
928audacity-win-3.5.1-64bit.exeC:\Users\admin\AppData\Local\Temp\is-J5D3T.tmp\audacity-win-3.5.1-64bit.tmpexecutable
MD5:85E061D92C59F771BCFD6A132C5D90B5
SHA256:50E61029FE28BAF61E08E7028B5BD4C5F16D0FD52B2C72BB1D259F3BFE1163A0
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\is-PG1RV.tmpexecutable
MD5:757DB4D37D824C61986B2EBD90D147BF
SHA256:E5906BBB4195D0276128B2A9BF150EB70843858289F7B68EE1868C44AA627AFB
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\is-DGO00.tmpexecutable
MD5:D4ACC23F4977C21F978C5DCDE46EF1F7
SHA256:E0B2ADBD386F0A97492776E47FADFF91C17658A3AAEE744389C7AC4C4382F8B2
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\crashpad_handler.exeexecutable
MD5:D4ACC23F4977C21F978C5DCDE46EF1F7
SHA256:E0B2ADBD386F0A97492776E47FADFF91C17658A3AAEE744389C7AC4C4382F8B2
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\LICENSE.txttext
MD5:AF89B6DEF149203612F56EF0F3B6F5A1
SHA256:F6D3C12A6845004F3B8CD53A3CB09DF58F30CC920AFA98C380AA6FBD71B9A4DC
3968audacity-win-3.5.1-64bit.exeC:\Users\admin\AppData\Local\Temp\is-7JFRD.tmp\audacity-win-3.5.1-64bit.tmpexecutable
MD5:85E061D92C59F771BCFD6A132C5D90B5
SHA256:50E61029FE28BAF61E08E7028B5BD4C5F16D0FD52B2C72BB1D259F3BFE1163A0
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\unins000.exeexecutable
MD5:85E061D92C59F771BCFD6A132C5D90B5
SHA256:50E61029FE28BAF61E08E7028B5BD4C5F16D0FD52B2C72BB1D259F3BFE1163A0
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\is-1M3FC.tmpexecutable
MD5:85E061D92C59F771BCFD6A132C5D90B5
SHA256:50E61029FE28BAF61E08E7028B5BD4C5F16D0FD52B2C72BB1D259F3BFE1163A0
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\is-B93RC.tmptext
MD5:95E15C085988C0B3A0435448B51E2198
SHA256:29E4D55E0C05BE59BCBC7606A5BDFB3DFA54DB83624323A72ABEC6800B8DB97D
1120audacity-win-3.5.1-64bit.tmpC:\Program Files\Audacity\is-HIDDG.tmpexecutable
MD5:914FB66ABC8B0F22C71A529FA9BEE6C6
SHA256:000D490852DD61EE0DC492C485E3DF23D00272B3AFC6A6D6930C55BAA090BA82
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
audacity-win-3.5.1-64bit.exe