File name: IK_Multimedia_Keygen.exe

Full analysis: https://app.any.run/tasks/df273f90-f48d-489e-89e4-0b93ea3ecee2
Verdict: Malicious activity
Analysis date: November 13, 2023, 13:27:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 531BA8325D3E268ABFECF82F7678C548
SHA1: F15BBB6942559BC8297C160E838BE4AEA5242519
SHA256: B69A3F48686FF25E0AC7B7A60B1E42CCBC3AC0B19A1AD913C0FCA4DBE9737CB1
SSDEEP: 24576:G03sUkCKGqFFH9k4KwW1nmDPoDhNS/mcaKGr29mPjlJrjk5:G03sUkCvqFFdk4KwqnmDPolNS/mcaKEy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • IK_Multimedia_Keygen.exe (PID: 3496)
  • SUSPICIOUS

    • Reads the Internet Settings

      • keygen.exe (PID: 3468)
  • INFO

    • Checks supported languages

      • IK_Multimedia_Keygen.exe (PID: 3496)
      • keygen.exe (PID: 3468)
      • wmpnscfg.exe (PID: 3988)
    • Reads the computer name

      • IK_Multimedia_Keygen.exe (PID: 3496)
      • wmpnscfg.exe (PID: 3988)
      • keygen.exe (PID: 3468)
    • Create files in a temporary directory

      • IK_Multimedia_Keygen.exe (PID: 3496)
      • keygen.exe (PID: 3468)
    • Reads the machine GUID from the registry

      • keygen.exe (PID: 3468)
      • wmpnscfg.exe (PID: 3988)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3988)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:01:30 04:57:38+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25088
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x3328
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph placeholder; nodes as rendered: start -> ik_multimedia_keygen.exe, keygen.exe (no specs), wmpnscfg.exe (no specs), ik_multimedia_keygen.exe (no specs)]

Process information

PID: 3416
CMD: "C:\Users\admin\Desktop\IK_Multimedia_Keygen.exe"
Path: C:\Users\admin\Desktop\IK_Multimedia_Keygen.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
c:\users\admin\desktop\ik_multimedia_keygen.exe
c:\windows\system32\ntdll.dll

PID: 3468
CMD: C:\Users\admin\AppData\Local\Temp\keygen.exe
Path: C:\Users\admin\AppData\Local\Temp\keygen.exe
Parent process: IK_Multimedia_Keygen.exe
User: admin
Integrity Level: HIGH
Exit code: 3221225547 (0xC000004B, STATUS_THREAD_IS_TERMINATING)
Modules (images):
c:\users\admin\appdata\local\temp\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

PID: 3496
CMD: "C:\Users\admin\Desktop\IK_Multimedia_Keygen.exe"
Path: C:\Users\admin\Desktop\IK_Multimedia_Keygen.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\desktop\ik_multimedia_keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 3988
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events: 3 568
Read events: 3 408
Write events: 152
Delete events: 8

Modification events

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: 15f9be4b-16bb-4c5f-9c4e-46644abf94d1
Value: F3E66A860B566B46F183CFCA3C3783D2

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: 94eb0063-0e75-4b44-931b-5ee056b66cf3
Value: B392BB227CF9693A51445EBDEE6F9C24

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: c06d8540-2906-4183-9557-22b7c6b66e2e
Value: 3BE1A4149168F7127D10836108EFD14F

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: f276fe8c-6c8b-471c-80d3-48f918ec40b5
Value: 4724C404FCC64C7860FADFEE22B89CD2

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: 7a444c0f-eaae-43f1-a654-04a29885333b
Value: D6496528F091FE11F6531BD7D1B37675

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: 68624d42-c6bd-4401-849b-0bc025ef6fcc
Value: 1C64DAC9F16E8F50A4EC71D5E985C8D9

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: 2ef25657-0b4c-442b-9d63-fb7380a77241
Value: C7C66489F22E5C9C8F5E21EEA44A8C82

(PID) Process: (3468) keygen.exe
Key: HKEY_CURRENT_USER\Software\IK Multimedia\T-RackS CS
Operation: write
Name: 3e8dc241-ed5d-414e-ba69-427349b6120b
Value: 5BF4C518143CB7A79AFFF87CDD6142CE

(PID) Process: (3468) keygen.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value: 02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202

(PID) Process: (3468) keygen.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value: 01000000020000000700000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
Executable files: 3
Suspicious files: 3
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3496 | IK_Multimedia_Keygen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | executable
MD5: 5DB8F3C7A4B984F7811E772BC0639418
SHA256: 5535B520ED5115F225546892A82393CC6338B300EFF8C2687EF06C4DB8A69FE7

3496 | IK_Multimedia_Keygen.exe | C:\Users\admin\AppData\Local\Temp\R2RIKM2.dll | executable
MD5: 511E942E713956682C1EA73F33A63542
SHA256: 7F8124C4B402BCDB0A0628447079CAFDA7755EC17397616B5CE510A98A4F3F07

3496 | IK_Multimedia_Keygen.exe | C:\Users\admin\AppData\Local\Temp\BASSMOD.dll | executable
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F

3496 | IK_Multimedia_Keygen.exe | C:\Users\admin\AppData\Local\Temp\nsf69CC.tmp | binary
MD5: 049606444D14220AD25C72C2A546E7B1
SHA256: 9A1ACB570E94A4EDC252ADE1E21ABB97FAA4A15BE0718A49445BC46264ECC152

3468 | keygen.exe | C:\Users\admin\AppData\Local\Temp\~DF8587B92DDADBB369.TMP | binary
MD5: 2DD1728BA33752EE5CADE81E85604071
SHA256: F004AB009C3B8A5F340164A1CDA17D46C5D8471CAF863FEA7B6BD43F022D2267

3496 | IK_Multimedia_Keygen.exe | C:\Users\admin\AppData\Local\Temp\bgm.xm | binary
MD5: A30878984AF33EE69ACE5CF8E330B974
SHA256: 498EADC5B3D65AAF34B8496954C3362F033297C489D7EF4559CBA8890C530171
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info