File name:

RonyaSoft CD DVD Label Maker 3.02 Install.exe

Full analysis: https://app.any.run/tasks/cda63ddc-c574-472e-9c41-bcdbb8862cdd
Verdict: Malicious activity
Threats:

Metamorfo is a trojan malware family that has been active since 2018. It remains a top threat, focusing on stealing victims’ financial information, including banking credentials and other data. The malware is known for targeting users in Brazil.

Analysis date: January 28, 2024, 17:12:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
metamorfo
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

A124B965E75594EEE124A12C0603190B

SHA1:

64DB8DBBACADD14B20A5826B2A6D4583DDC7CA3E

SHA256:

ECC504565761E793D7E4DD76636975A6226B136FC9D6DC374F853BB9429F7E47

SSDEEP:

98304:HTl8t0dJesXlllIgehixLcZmuC/0Sn918fBCzOb7bzdBrw1fuPkQ/xDpxUwSLX/W:tQggN/1IhAlr6ifmPgECxTMFvOkN2cuv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • METAMORFO has been detected (YARA)

      • CDDVDLabelMaker.exe (PID: 2356)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • The process creates files with name similar to system file names

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • Executable content was dropped or overwritten

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • Reads the Internet Settings

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
  • INFO

    • Checks supported languages

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)
    • Reads the computer name

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)
    • Create files in a temporary directory

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
      • CDDVDLabelMaker.exe (PID: 2356)
    • Creates files in the program directory

      • RonyaSoft CD DVD Label Maker 3.02 Install.exe (PID: 2736)
    • Reads Environment values

      • CDDVDLabelMaker.exe (PID: 2356)
    • Reads product name

      • CDDVDLabelMaker.exe (PID: 2356)
    • Reads the machine GUID from the registry

      • CDDVDLabelMaker.exe (PID: 2356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:41+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start → ronyasoft cd dvd label maker 3.02 install.exe → cddvdlabelmaker.exe (#METAMORFO)
start → ronyasoft cd dvd label maker 3.02 install.exe (no specs)

Process information

PID: 2356
CMD: "C:\Program Files\RonyaSoft\CD DVD Label Maker\CDDVDLabelMaker.exe"
Path: C:\Program Files\RonyaSoft\CD DVD Label Maker\CDDVDLabelMaker.exe
Parent process: RonyaSoft CD DVD Label Maker 3.02 Install.exe
User:
admin
Company:
RonyaSoft
Integrity Level:
HIGH
Description:
RonyaSoft CD DVD Label Maker
Exit code:
0
Version:
3.2.20.1
Modules
Images
c:\program files\ronyasoft\cd dvd label maker\cddvdlabelmaker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2628
CMD: "C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe"
Path: C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\ronyasoft cd dvd label maker 3.02 install.exe
c:\windows\system32\ntdll.dll
PID: 2736
CMD: "C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe"
Path: C:\Users\admin\AppData\Local\Temp\RonyaSoft CD DVD Label Maker 3.02 Install.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\ronyasoft cd dvd label maker 3.02 install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 1 104
Read events: 1 103
Write events: 0
Delete events: 1

Modification events

(PID) Process: (2356) CDDVDLabelMaker.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{2A09C7F3-B8BC-45AF-B610-B212E697150A}
Operation: delete key
Name: (default)
Value:
Executable files: 860
Suspicious files: 3 169
Text files: 144
Unknown types: 0

Dropped files

PID | Process | Filename | Type

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\LangDLL.dll | executable
MD5: 9384F4007C492D4FA040924F31C00166
SHA256: 60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\nsDialogs.dll | executable
MD5: C10E04DD4AD4277D5ADC951BB331C777
SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Full Face Label (with bleeds).rdl | binary
MD5: C73B63E51CA075DFAC7A1A71DAA9D8E7
SHA256: 70C1A54BF8F19C3CA1190E9DF5A4BF54243E01F9B1F437FBD93C9E2C171544B4

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Paper Sleeve.rdl | binary
MD5: E23C98EF0896BB40C4983A91BDFFB3C3
SHA256: 44DA3F0204A0C23036228D35D4030C3ACD6B7A475DB2813D7196204E4D955EE9

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Full Face Label (without bleeds).rdl | binary
MD5: D6403B52A2439925E5F8320EBE373913
SHA256: FB442FE972881570FEF9A3FA864255206BBA2615A7FE1EDA64B51B2B0219F5F9

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\System.dll | executable
MD5: C17103AE9072A06DA581DEC998343FC1
SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\CD Front Double Insert.rdl | binary
MD5: 8B047B027DAD67D021836F92E40BF2CD
SHA256: 5E7A8311723A059F522A42AE21491CC9BEB23A58561FBF82087EE0665E90B908

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\admin\AppData\Local\Temp\nsmA529.tmp\modern-wizard.bmp | image
MD5: 9677343374C1A0735B61CA9919A7387A
SHA256: 58C467E96D6544330E820E5F1358C4F41CB486EC4A41A7D96B45070B6A1B764D

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\CD Front Insert.rdl | binary
MD5: 74930F3A2DCC95396D23C5F60FC1BD1D
SHA256: 4E3534F38A4A04465531D355BAFC9B396DAA0BF89723D721FD6AA6F182C4A554

2736 | RonyaSoft CD DVD Label Maker 3.02 Install.exe | C:\Users\Public\Documents\RonyaSoft\CD DVD Label Maker\Templates\Index.dat | text
MD5: 9EEA8B033BA13A8DF4CFB37A3B8C5766
SHA256: 844BB1F466D127D38D2A3F12FE4E822E81348F98D6FEA01C65961035C5DE5399
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted

DNS requests

No data

Threats

No threats detected
Process | Message
CDDVDLabelMaker.exe | [TMAIN; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdInitializeSource, ID: 1, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [TMAIN; 0 (0)]: Dump(String): " Symbols: 76660000, FileName: "C:\Windows\system32\kernel32.dll", FUsed: 0"
CDDVDLabelMaker.exe | [T3044; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdInitializeDebugSymbols, ID: 2, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeSource, ID: 1, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeDebugSymbols, ID: 2, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [T3044; 0 (0)]: Dump(String): " Symbols: 76660000, FileName: "C:\Windows\system32\kernel32.dll", FUsed: 1"
CDDVDLabelMaker.exe | [T3044; 0 (0)]: Dump(String): "[IssueCommand] Cmd: cmdCleanupDebugSymbols, ID: 3, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [T3044; 0 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdCleanupDebugSymbols, ID: 3, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [T3044; 62 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdInitializeSource, ID: 5, ThreadID: 1932, Addr: 00000000, EXEFileName: "", PDBFileName: """
CDDVDLabelMaker.exe | [T3044; 62 (0)]: Dump(String): "[ProcessCmd] Cmd: cmdCleanupDebugSymbols, ID: 7, ThreadID: 3044, Addr: 00000000, EXEFileName: "", PDBFileName: """