File name: Ableton_KeyGen.exe

Full analysis: https://app.any.run/tasks/56c9d69b-c383-430c-9a05-ea7d93673ace
Verdict: Malicious activity
Analysis date: July 15, 2024, 00:29:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: E411DD01187DF2E61A273E651107B524
SHA1: 745F0CD4AD88611B6032B6023AD554BF6DDEADE6
SHA256: D613BBF19A5003A2C514056665F79C7C2C3AFF9D3712639F13078734FFFCAE5B
SSDEEP: 24576:hJ8m3sUkChcDa47z7j5NGVqN7owVyyCGWZm13R2EV9Nqvjcp2sLEUpvWdxV1n/HJ:hJ8m3sUkCuW47z7lNGVqZowAyCGWZm1s

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Ableton_KeyGen.exe (PID: 3204)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • Ableton_KeyGen.exe (PID: 3204)
  • INFO
    • Reads the computer name
      • Ableton_KeyGen.exe (PID: 3204)
      • keygen.exe (PID: 3372)
    • Checks supported languages
      • Ableton_KeyGen.exe (PID: 3204)
      • keygen.exe (PID: 3372)
    • Creates files in a temporary directory
      • Ableton_KeyGen.exe (PID: 3204)
      • keygen.exe (PID: 3372)
    • Reads the machine GUID from the registry
      • keygen.exe (PID: 3372)
No Malware configuration.

TRiD

Extension | Description | Match (%)
.exe | Win32 Executable MS Visual C++ (generic) | 67.4
.dll | Win32 Dynamic Link Library (generic) | 14.2
.exe | Win32 Executable (generic) | 9.7
.exe | Generic Win/DOS Executable | 4.3
.exe | DOS Executable Generic | 4.3

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 43
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph (rendered in the full report)

start → ableton_keygen.exe (PID 3204) → keygen.exe (PID 3372, no specs)
start → ableton_keygen.exe (PID 3400, no specs)

Process information

PID 3204 | Ableton_KeyGen.exe | Parent process: explorer.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Ableton_KeyGen.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Ableton_KeyGen.exe
  User: admin | Integrity level: HIGH | Exit code: 0
  Modules (images):
    c:\users\admin\appdata\local\temp\ableton_keygen.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll

PID 3372 | keygen.exe | Parent process: Ableton_KeyGen.exe
  CMD: C:\Users\admin\AppData\Local\Temp\keygen.exe
  Path: C:\Users\admin\AppData\Local\Temp\keygen.exe
  User: admin | Integrity level: HIGH | Exit code: 0
  Modules (images):
    c:\users\admin\appdata\local\temp\keygen.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\gdi32.dll

PID 3400 | Ableton_KeyGen.exe | Parent process: explorer.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Ableton_KeyGen.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Ableton_KeyGen.exe
  User: admin | Integrity level: MEDIUM | Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images):
    c:\users\admin\appdata\local\temp\ableton_keygen.exe
    c:\windows\system32\ntdll.dll
Total events: 2 524
Read events: 2 524
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 3
Suspicious files: 3
Text files: 0
Unknown types: 0

Dropped files

PID 3204 | Ableton_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\BASSMOD.dll | executable
  MD5: E4EC57E8508C5C4040383EBE6D367928
  SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F
PID 3204 | Ableton_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\R2RLIVE2.dll | executable
  MD5: D544F8F89B89AD6D48426E6C74C8761C
  SHA256: B19809C08159BBE10544CCB5F72DC1582900ED4B395DFFB8B2B4C59F042EDD49
PID 3204 | Ableton_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\bgm.xm | xm
  MD5: EAC249A6CBD92E5A744F1921261B4134
  SHA256: 9AE311E672F224A27350DD37CCE871187377531741DF048082B9CB680CD12882
PID 3204 | Ableton_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\nseE76F.tmp | binary
  MD5: EB8F5BCAB7F48D729DF15DCF5119BF74
  SHA256: 6638FB8FBF509BB3795A9B9B13BC7F2096B61E778A1F655EAC53A6597E04E24D
PID 3204 | Ableton_KeyGen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | executable
  MD5: 23EBA9883FEFC81D7CCCB833C09731B1
  SHA256: C105A865C9C0F6588243527427B86292DA435B7885F6FD50CCA2352833A48F59
PID 3372 | keygen.exe | C:\Users\admin\AppData\Local\Temp\~DF4A9E96912DBC7DEA.TMP | binary
  MD5: DC3314377DBFD75E2B575BF82D191150
  SHA256: 5910FD7908352D112E0E2F494EBB5636554612E08D47FF70C945BA0DC208251C
HTTP(S) requests: 3
TCP/UDP connections: 11
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 23.53.40.49:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | | unknown | | whitelisted
1372 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | | unknown | | whitelisted
1372 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | | unknown | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
1372 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2564 | svchost.exe | 239.255.255.250:3702 | | | | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1372 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1372 | svchost.exe | 23.53.40.49:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 51.104.136.2 | whitelisted
google.com | 142.250.185.110 | whitelisted
ctldl.windowsupdate.com | 23.53.40.49, 23.53.40.35 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156 | whitelisted
www.microsoft.com | 95.101.149.131 | whitelisted

Threats

No threats detected

Debug info

No debug info