File name:

musicmaker.exe

Full analysis: https://app.any.run/tasks/a192a356-3411-4a3d-85c9-631d766b3f8a
Verdict: Malicious activity
Analysis date: January 19, 2024, 18:07:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

32FEBE631DAB33650596593F8E1A2CA2

SHA1:

013E6D68EDE542D09F264E629C0D896DA8B1A519

SHA256:

B06B0E5B5702A0C08DCC7C189F64CCEE04D92F34BAF833F2BACDCC5DFBFE54E0

SSDEEP:

98304:/skV4+x0SCivy//N+uT5+jqIBvjRZenxojE1eM+y63cv5uxpJIxcsGf0xgbgTu2Y:Lyy3C8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • musicmaker.exe (PID: 2416)

  • SUSPICIOUS

    • Reads the Internet Settings

      • MxDownloadManager.exe (PID: 532)

    • Adds/modifies Windows certificates

      • MxDownloadManager.exe (PID: 532)

    • Reads settings of System Certificates

      • MxDownloadManager.exe (PID: 532)

    • Checks Windows Trust Settings

      • MxDownloadManager.exe (PID: 532)

    • Reads security settings of Internet Explorer

      • MxDownloadManager.exe (PID: 532)

    • Executable content was dropped or overwritten

      • musicmaker.exe (PID: 2416)

  • INFO

    • Create files in a temporary directory

      • musicmaker.exe (PID: 2416)
      • MxDownloadManager.exe (PID: 532)

    • Checks supported languages

      • musicmaker.exe (PID: 2416)
      • MxDownloadManager.exe (PID: 532)

    • Reads the computer name

      • MxDownloadManager.exe (PID: 532)

    • Checks proxy server information

      • MxDownloadManager.exe (PID: 532)

    • Reads the machine GUID from the registry

      • MxDownloadManager.exe (PID: 532)

    • Creates files or folders in the user directory

      • MxDownloadManager.exe (PID: 532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:03:04 15:58:39+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 1325568
InitializedDataSize: 2109440
UninitializedDataSize: -
EntryPoint: 0x9f922
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.62.54
ProductVersionNumber: 1.3.62.54
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: MAGIX Software GmbH
FileDescription: MUSIC MAKER (en-US)
FileVersion: 1.3.62.54
LegalCopyright: Copyright © MAGIX Software GmbH
ProductName: MUSIC MAKER (en-US)
ProductVersion: 1.3.62.54
MX_Culture: en-US
MX_StubConfig: Release
MX_StubVersion: 1.9.1.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start musicmaker.exe mxdownloadmanager.exe musicmaker.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Users\admin\AppData\Local\Temp\musicmaker.exe" C:\Users\admin\AppData\Local\Temp\musicmaker.exeexplorer.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
MEDIUM
Description:
MUSIC MAKER (en-US)
Exit code:
3221226540
Version:
1.3.62.54
Modules
Images
c:\users\admin\appdata\local\temp\musicmaker.exe
c:\windows\system32\ntdll.dll
532"C:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\MxDownloadManager.exe" -m C:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\SetupValues.dat -s mm32 -rC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\MxDownloadManager.exe
musicmaker.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
HIGH
Description:
Installationsmanager
Exit code:
0
Version:
1.3.62.54
Modules
Images
c:\users\admin\appdata\local\temp\mgxy2odq4xn\mxdownloadmanager.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msimg32.dll
2416"C:\Users\admin\AppData\Local\Temp\musicmaker.exe" C:\Users\admin\AppData\Local\Temp\musicmaker.exe
explorer.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
HIGH
Description:
MUSIC MAKER (en-US)
Exit code:
0
Version:
1.3.62.54
Modules
Images
c:\users\admin\appdata\local\temp\musicmaker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
Total events
6 781
Read events
6 705
Write events
76
Delete events
0

Modification events

(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:Timeout
Value:
20000
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:Retries
Value:
3
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
34
Suspicious files
19
Text files
22
Unknown types
0

Dropped files

PID
Process
Filename
Type
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\generalTemplates.INItext
MD5:D8ACCCB39FA2BCBC59AE3B7D26B1BC6F
SHA256:C1DE2A676BF7C42F2626A7F9DD63B79774E8D8D39D3716D4E14372172B816608
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\Logo.pngimage
MD5:0E4712A4E4EBA8B6B6829CA21FD6DEF8
SHA256:63A0002EFBBB5698778CA16E61CD47654450614423BBD75D20F3F6E2BC3AC8AD
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg.initext
MD5:F5763A04B92889A6F8C08172451CFDC3
SHA256:F733D9056C7C9E47E8E835518A677A1D75E2654F05698EA684790F3AF7D9117A
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg_2.initext
MD5:A7DFF513385F3DA702B2D20EDD55985C
SHA256:D3ADB922390B65726672EA7A6123866326F0887824DB6876881EDC437A87D197
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\ProgressDialogTemplates.initext
MD5:A8AB1555DC45A8AB1FFA4CE0F75A9FB0
SHA256:3CD528388545C659DBCE6317EF29B9833A9163E1C07FD44C11A87F942EFEBC90
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\installed.xmlxml
MD5:AEA624768256AE1708E75309BF8299EE
SHA256:8F49354F824579622074CC96A4E85F0E0E003F17367B6426CF3C0226A7C46FD6
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\MusicMaker32.icoimage
MD5:FECF6184FE0E8C02C4FD02DE5988E2EE
SHA256:A6687F6911BD833BB0F5CA612308061352DD0AF9B09749CD5312DD7ACBDF356E
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\magix.icoimage
MD5:6FDE1B06B71E06E44920107D08417550
SHA256:7AEF260163ED2C620530BD10D8434860964908D6432A0F4AD1D8211ACB1280F8
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\MFL_rel_u_vc12.dllexecutable
MD5:10A2916057E394BDF133EC9FC1AF53A7
SHA256:73CCAA16D2D51B91F13BF614BB58AB1C7E3E718F8F1B5D8CC7CC273C6975FC9F
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\ProgressDialogTemplates.pngimage
MD5:CBE0A7C1EE665C7272873C031A0C5D52
SHA256:9CF7CE3D45C97311E6A400413C61BEFCCF9BF6E9820D5886414829D1D2F2CA86
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
18
DNS requests
13
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
html
230 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
html
230 b
unknown
532
MxDownloadManager.exe
GET
200
184.24.77.210:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a3ef554ed2256a8e
unknown
compressed
4.66 Kb
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php
unknown
html
288 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php
unknown
html
288 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
html
230 b
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTIyCPRUzvKHRw7iRE1lF%2BfcLu%2FjgQUypJnUmHervy6Iit%2FHIdMJftvmVgCEAo534UqBTG6Tl7coMJrriA%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAP%2B7xu1tkg0miCVD4vGl1M%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAkO6MXeW%2Fpi0q4v9wl8SFc%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
200
184.24.77.210:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c8a6c3b57d016454
unknown
compressed
65.2 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
532
MxDownloadManager.exe
195.214.216.160:80
www.magix.com
GTT Communications Inc.
DE
unknown
532
MxDownloadManager.exe
195.214.216.160:443
www.magix.com
GTT Communications Inc.
DE
unknown
532
MxDownloadManager.exe
184.24.77.210:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
532
MxDownloadManager.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
532
MxDownloadManager.exe
195.214.216.83:443
extapi.magix.com
GTT Communications Inc.
DE
unknown
532
MxDownloadManager.exe
212.102.56.179:443
1066355124.rsc.cdn77.org
Datacamp Limited
DE
unknown
532
MxDownloadManager.exe
23.192.153.142:80
x1.c.lencr.org
AKAMAI-AS
GB
unknown

DNS requests

Domain
IP
Reputation
www.magix.com
  • 195.214.216.160
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.210
  • 184.24.77.194
  • 184.24.77.174
  • 184.24.77.173
  • 184.24.77.187
  • 184.24.77.186
  • 184.24.77.184
  • 184.24.77.197
  • 184.24.77.193
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
status.geotrust.com
  • 192.229.221.95
whitelisted
extapi.magix.com
  • 195.214.216.83
unknown
status.thawte.com
  • 192.229.221.95
whitelisted
1066355124.rsc.cdn77.org
  • 212.102.56.179
  • 156.146.33.138
  • 156.146.33.141
  • 195.181.175.16
  • 195.181.175.41
  • 212.102.56.182
  • 195.181.170.18
unknown
x1.c.lencr.org
  • 23.192.153.142
whitelisted
r3.o.lencr.org
  • 23.53.40.154
  • 23.53.40.144
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
musicmaker.exe