| File name: | XLN_KeyGen.exe |
| Full analysis: | https://app.any.run/tasks/fa85f5d0-95d3-404a-afc3-05c95b8f79a2 |
| Verdict: | Malicious activity |
| Analysis date: | May 17, 2024, 22:07:31 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5: | 7FA1D4F943E7E3896E78A79D3F465B89 |
| SHA1: | DCB63394EE41F59F7600ABB6394A61365014A46D |
| SHA256: | 9010ADA93277BC1A52D16FBDEB702DEE99340AAD03044946CF59BD6DEAC377DB |
| SSDEEP: | 49152:G03sUkCkLxtqc5iWWsY+LxkXNVNsNbop+5oJ4ZHDpAQmxsNZSD9Enu2JgxhDsfcD:G08Ufw2WZY/hsNUY5lZjpAQmmGyq/D8y |
MALICIOUS
Drops the executable file immediately after the start
- XLN_KeyGen.exe (PID: 4076)
SUSPICIOUS
Executable content was dropped or overwritten
- XLN_KeyGen.exe (PID: 4076)
INFO
Checks supported languages
- XLN_KeyGen.exe (PID: 4076)
- keygen.exe (PID: 1024)
Reads the computer name
- XLN_KeyGen.exe (PID: 4076)
- keygen.exe (PID: 1024)
Create files in a temporary directory
- XLN_KeyGen.exe (PID: 4076)
- keygen.exe (PID: 1024)
Reads the machine GUID from the registry
- keygen.exe (PID: 1024)
Creates files in the program directory
- keygen.exe (PID: 1024)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
|---|---|---|
| .dll | | | Win32 Dynamic Link Library (generic) (14.2) |
| .exe | | | Win32 Executable (generic) (9.7) |
| .exe | | | Generic Win/DOS Executable (4.3) |
| .exe | | | DOS Executable Generic (4.3) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2018:01:30 03:57:38+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 25088 |
| InitializedDataSize: | 118784 |
| UninitializedDataSize: | 1024 |
| EntryPoint: | 0x3328 |
| OSVersion: | 4 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1024 | C:\Users\admin\AppData\Local\Temp\keygen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | — | XLN_KeyGen.exe | |||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
| 3972 | "C:\Users\admin\AppData\Local\Temp\XLN_KeyGen.exe" | C:\Users\admin\AppData\Local\Temp\XLN_KeyGen.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Modules
| |||||||||||||||
| 4076 | "C:\Users\admin\AppData\Local\Temp\XLN_KeyGen.exe" | C:\Users\admin\AppData\Local\Temp\XLN_KeyGen.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
Total events
4 361
Read events
4 361
Write events
0
Delete events
0
Modification events
Executable files
3
Suspicious files
3
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4076 | XLN_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\bgm.mod | binary | |
MD5:179949DB15DC96C6F242C1969A033543 | SHA256:7AA1E2789C5222A5CDD09125CB268A28569A482E7CED85B150B27E0C57AD1E9A | |||
| 4076 | XLN_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | executable | |
MD5:57E28A819899078172A062E2A45755DA | SHA256:6B26B0992EECC89E32084A9FDF1B15BC142BC8BE7B6E8F9CDD299AF460298C7D | |||
| 4076 | XLN_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\R2RXLNKG.dll | executable | |
MD5:6E896F1D8F89D46A7BDCBF744EE38723 | SHA256:DF7486657D7575A488C00F3CC7F8E96DB6E08248CB8E111BF48A7329B083078A | |||
| 4076 | XLN_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\BASSMOD.dll | executable | |
MD5:E4EC57E8508C5C4040383EBE6D367928 | SHA256:8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F | |||
| 4076 | XLN_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\nst32FA.tmp | binary | |
MD5:3272046098AE2EFE60A996FD7BF39B68 | SHA256:3EBF17AF4B2308865A76FBD359AD5822AFE970D6872DF45C2F8D439C0DB82650 | |||
| 1024 | keygen.exe | C:\ProgramData\XLN Audio\XLN Online Installer\App\Licenses\LicensesOI.txt | text | |
MD5:26CB1457DE4DF310014CE54740875646 | SHA256:38A31249D79D70D76D95FF19323DF908930D26BD622C5CAD2AE9135FD0D8818B | |||
| 1024 | keygen.exe | C:\Users\admin\AppData\Local\Temp\~DF3878021887B7B27A.TMP | binary | |
MD5:15D52C89C6467E581A8A34D27DE2BC02 | SHA256:B8CC9B8D849BBFACC585330D667F91F09E9A1BAC0EF50852E813F55425BC09DE | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 224.0.0.252:5355 | — | — | — | unknown |
1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |