| Field | Value |
|---|---|
| File name: | Tone2_KeyGen.exe |
| Full analysis: | https://app.any.run/tasks/dfcfd0da-b032-48a7-8e40-633938ef3fdc |
| Verdict: | Malicious activity |
| Analysis date: | February 05, 2024, 18:39:40 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5: | A78F0A9A0043E1F2BFEB4AC001B3BE5D |
| SHA1: | 417A7D8CFF2BE2BE3B9E50404E8BFE920D11AD5C |
| SHA256: | 437374299E24A240B57F6F9512CA0574A7EB30D8EC70B361805CD0260EF39288 |
| SSDEEP: | 12288:hJ8m3s9g9kCUWVVVVVVVVv10kSZGUNARG/r39b4FOkKDsHU5plxqyPfuk38uzj:hJ8m3sUkCh0kSMgt4FrKDsHU3lTuRgj |
| Extension | Type |
|---|---|
| .exe | Win32 Executable MS Visual C++ (generic) (67.4) |
| .dll | Win32 Dynamic Link Library (generic) (14.2) |
| .exe | Win32 Executable (generic) (9.7) |
| .exe | Generic Win/DOS Executable (4.3) |
| .exe | DOS Executable Generic (4.3) |
| Field | Value |
|---|---|
| MachineType: | Intel 386 or later, and compatibles |
| TimeStamp: | 2021:09:25 23:56:47+02:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 26624 |
| InitializedDataSize: | 141824 |
| UninitializedDataSize: | 2048 |
| EntryPoint: | 0x3640 |
| OSVersion: | 4 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code |
|---|---|---|---|---|---|---|---|
| 1380 | "C:\Users\admin\AppData\Local\Temp\Tone2_KeyGen.exe" | C:\Users\admin\AppData\Local\Temp\Tone2_KeyGen.exe | — | explorer.exe | admin | MEDIUM | 3221226540 |
| 2204 | "C:\Users\admin\AppData\Local\Temp\Tone2_KeyGen.exe" | C:\Users\admin\AppData\Local\Temp\Tone2_KeyGen.exe | | explorer.exe | admin | HIGH | 0 |
| 3472 | C:\Users\admin\AppData\Local\Temp\keygen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | — | Tone2_KeyGen.exe | admin | HIGH | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2204 | Tone2_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\BASSMOD.dll | executable | E4EC57E8508C5C4040383EBE6D367928 | 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F |
| 2204 | Tone2_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\bgm.xm | binary | 2DC3EC3F50214A13388932155BAF3724 | 98C69E7F59231970DCB7858791AB5E229BB310AC7E196DDFC3203B46F2D043B6 |
| 2204 | Tone2_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | executable | 0EA0EAC6C95AE6779C9E5B3C21365B86 | 7F96D5C49352254CA4A97FA3FFB72943793A74ADECC22724BE4CE41399D4AE0D |
| 3472 | keygen.exe | C:\Users\admin\Desktop\warmverb.t2k | text | C08D219DF6216BCC32A4662BA269A4FA | 81AA5E5D862CBF0A88CEEE138137F8A3B7CC51865099D32F1455720A267D60DF |
| 3472 | keygen.exe | C:\Users\admin\Desktop\Gladiator2.t2k | text | 2A36EA067B2F29C7A0886CB1329E7AAF | 3E0A5F596416F771E293C1845E80BF0D2FAFCCDE77D64217F9A00EB2A2137DCE |
| 2204 | Tone2_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\R2RGLD2KG.dll | executable | 0CCAA3E3DF10A44A1DA8479A9B20CA17 | 984C9E728E9E95CCAA1CBEB6E006A02827DEDC1BFFE5D3526BA6E8A66A91AC31 |
| 3472 | keygen.exe | C:\Users\admin\Desktop\akustix.t2k | binary | EEDAAC4543FA5928EFA1E5C51D9050FC | 9CA8F471238BF69EAC367919D1B35D65FD2715D8C436BA0C3107D6D5E88E9334 |
| 3472 | keygen.exe | C:\Users\admin\Desktop\Electra2.t2k | binary | 318B520CD886983E30A0687A7DC90CDF | 99767F1FAF7B02A44363B88C8499A3C2F5830877A7EDE9B44C1F6FF02BC2D884 |
| 2204 | Tone2_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\nsl3A7E.tmp | binary | 7A0609CFAEA89F8972F42216A82586BC | 8EA292FE542819100A1910532B830028D93A5A4E687F09ADB33C57620A2E8C9C |
| 3472 | keygen.exe | C:\Users\admin\AppData\Local\Temp\~DFB10440AE20147668.TMP | binary | D9C7001CD478E1303C1547F37F331C32 | B7885AD9DDA8B3730FDA5B1343EF83FAA3A7587020C6E6CF241B4668B23EE0F3 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| 1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |