File name:

musicmaker.exe

Full analysis: https://app.any.run/tasks/a192a356-3411-4a3d-85c9-631d766b3f8a
Verdict: Malicious activity
Analysis date: January 19, 2024, 18:07:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

32FEBE631DAB33650596593F8E1A2CA2

SHA1:

013E6D68EDE542D09F264E629C0D896DA8B1A519

SHA256:

B06B0E5B5702A0C08DCC7C189F64CCEE04D92F34BAF833F2BACDCC5DFBFE54E0

SSDEEP:

98304:/skV4+x0SCivy//N+uT5+jqIBvjRZenxojE1eM+y63cv5uxpJIxcsGf0xgbgTu2Y:Lyy3C8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • musicmaker.exe (PID: 2416)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • musicmaker.exe (PID: 2416)

    • Reads settings of System Certificates

      • MxDownloadManager.exe (PID: 532)

    • Reads the Internet Settings

      • MxDownloadManager.exe (PID: 532)

    • Checks Windows Trust Settings

      • MxDownloadManager.exe (PID: 532)

    • Reads security settings of Internet Explorer

      • MxDownloadManager.exe (PID: 532)

    • Adds/modifies Windows certificates

      • MxDownloadManager.exe (PID: 532)

  • INFO

    • Checks supported languages

      • musicmaker.exe (PID: 2416)
      • MxDownloadManager.exe (PID: 532)

    • Reads the machine GUID from the registry

      • MxDownloadManager.exe (PID: 532)

    • Reads the computer name

      • MxDownloadManager.exe (PID: 532)

    • Create files in a temporary directory

      • musicmaker.exe (PID: 2416)
      • MxDownloadManager.exe (PID: 532)

    • Creates files or folders in the user directory

      • MxDownloadManager.exe (PID: 532)

    • Checks proxy server information

      • MxDownloadManager.exe (PID: 532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:03:04 15:58:39+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 1325568
InitializedDataSize: 2109440
UninitializedDataSize: -
EntryPoint: 0x9f922
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.62.54
ProductVersionNumber: 1.3.62.54
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: MAGIX Software GmbH
FileDescription: MUSIC MAKER (en-US)
FileVersion: 1.3.62.54
LegalCopyright: Copyright © MAGIX Software GmbH
ProductName: MUSIC MAKER (en-US)
ProductVersion: 1.3.62.54
MX_Culture: en-US
MX_StubConfig: Release
MX_StubVersion: 1.9.1.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start musicmaker.exe mxdownloadmanager.exe musicmaker.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Users\admin\AppData\Local\Temp\musicmaker.exe" C:\Users\admin\AppData\Local\Temp\musicmaker.exeexplorer.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
MEDIUM
Description:
MUSIC MAKER (en-US)
Exit code:
3221226540
Version:
1.3.62.54
Modules
Images
c:\users\admin\appdata\local\temp\musicmaker.exe
c:\windows\system32\ntdll.dll
532"C:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\MxDownloadManager.exe" -m C:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\SetupValues.dat -s mm32 -rC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\MxDownloadManager.exe
musicmaker.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
HIGH
Description:
Installationsmanager
Exit code:
0
Version:
1.3.62.54
Modules
Images
c:\users\admin\appdata\local\temp\mgxy2odq4xn\mxdownloadmanager.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msimg32.dll
2416"C:\Users\admin\AppData\Local\Temp\musicmaker.exe" C:\Users\admin\AppData\Local\Temp\musicmaker.exe
explorer.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
HIGH
Description:
MUSIC MAKER (en-US)
Exit code:
0
Version:
1.3.62.54
Modules
Images
c:\users\admin\appdata\local\temp\musicmaker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
Total events
6 781
Read events
6 705
Write events
76
Delete events
0

Modification events

(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:Timeout
Value:
20000
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:Retries
Value:
3
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(532) MxDownloadManager.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
34
Suspicious files
19
Text files
22
Unknown types
0

Dropped files

PID
Process
Filename
Type
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\ijl20.dllexecutable
MD5:30946BD927EA028B9E241D0075075420
SHA256:2348BBDF3247E2C5227F58E57D790CEAFDBE35625C6264F0912D249D5903C513
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\Logo.pngimage
MD5:0E4712A4E4EBA8B6B6829CA21FD6DEF8
SHA256:63A0002EFBBB5698778CA16E61CD47654450614423BBD75D20F3F6E2BC3AC8AD
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\CPleaseWait.initext
MD5:2A3825BED1711C17A63B94591DE18F60
SHA256:4E23AFCB82536D015AEE2D822412E630A9DB9FD52ECAEA61B7D92D7ADC2AFAC2
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg_1.initext
MD5:CB3982F5DAF177BEA4BFB4A9E72A18F5
SHA256:BF9AEC3600822017B2580F1F3CEF4725E2580184E9B2A3F476B304F3192B4A18
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\controlTemplates.initext
MD5:1C52B45AB82DEC4D07801E6868A4C5DA
SHA256:59ED53AAB5990137B4C459DCBEBE39FBA5D6E2345628C0942DD3AC64D984B5FC
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\dm.xmlxml
MD5:2E95FC5A7CF2CB844F65AEDC6BFCE073
SHA256:B9211D7E370E247A50495FA376CB3B9AD9D9BFD12F7722F105BDF221D66DF880
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\magix.icoimage
MD5:6FDE1B06B71E06E44920107D08417550
SHA256:7AEF260163ED2C620530BD10D8434860964908D6432A0F4AD1D8211ACB1280F8
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\generalTemplates.INItext
MD5:D8ACCCB39FA2BCBC59AE3B7D26B1BC6F
SHA256:C1DE2A676BF7C42F2626A7F9DD63B79774E8D8D39D3716D4E14372172B816608
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\ProgressDialogTemplates.initext
MD5:A8AB1555DC45A8AB1FFA4CE0F75A9FB0
SHA256:3CD528388545C659DBCE6317EF29B9833A9163E1C07FD44C11A87F942EFEBC90
2416musicmaker.exeC:\Users\admin\AppData\Local\Temp\mgxy2odq4xn\Bitmaps\mxgui.4.0\Promo.pngimage
MD5:0096176D3B94B2E86975D34A423C1863
SHA256:5A729412BF400029D86CF7D1473774BBBBA13D6814E5BCB002D31945417E2716
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
18
DNS requests
13
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
html
230 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
html
230 b
unknown
532
MxDownloadManager.exe
GET
200
184.24.77.210:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a3ef554ed2256a8e
unknown
compressed
4.66 Kb
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAP%2B7xu1tkg0miCVD4vGl1M%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTIyCPRUzvKHRw7iRE1lF%2BfcLu%2FjgQUypJnUmHervy6Iit%2FHIdMJftvmVgCEAo534UqBTG6Tl7coMJrriA%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php
unknown
html
288 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
html
230 b
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAkO6MXeW%2Fpi0q4v9wl8SFc%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
200
192.229.221.95:80
http://status.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRzhKfQYsAHQZZDzb8RtQ5PgsTjQQQUpYz%2BMszrDyzUGcYIuAAkiF3DxbcCEAn36%2BenzaztEmtAh7AsPUc%3D
unknown
binary
471 b
unknown
532
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php
unknown
html
288 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
532
MxDownloadManager.exe
195.214.216.160:80
www.magix.com
GTT Communications Inc.
DE
unknown
532
MxDownloadManager.exe
195.214.216.160:443
www.magix.com
GTT Communications Inc.
DE
unknown
532
MxDownloadManager.exe
184.24.77.210:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
532
MxDownloadManager.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
532
MxDownloadManager.exe
195.214.216.83:443
extapi.magix.com
GTT Communications Inc.
DE
unknown
532
MxDownloadManager.exe
212.102.56.179:443
1066355124.rsc.cdn77.org
Datacamp Limited
DE
unknown
532
MxDownloadManager.exe
23.192.153.142:80
x1.c.lencr.org
AKAMAI-AS
GB
unknown

DNS requests

Domain
IP
Reputation
www.magix.com
  • 195.214.216.160
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.210
  • 184.24.77.194
  • 184.24.77.174
  • 184.24.77.173
  • 184.24.77.187
  • 184.24.77.186
  • 184.24.77.184
  • 184.24.77.197
  • 184.24.77.193
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
status.geotrust.com
  • 192.229.221.95
whitelisted
extapi.magix.com
  • 195.214.216.83
unknown
status.thawte.com
  • 192.229.221.95
whitelisted
1066355124.rsc.cdn77.org
  • 212.102.56.179
  • 156.146.33.138
  • 156.146.33.141
  • 195.181.175.16
  • 195.181.175.41
  • 212.102.56.182
  • 195.181.170.18
unknown
x1.c.lencr.org
  • 23.192.153.142
whitelisted
r3.o.lencr.org
  • 23.53.40.154
  • 23.53.40.144
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
musicmaker.exe