Overview

overview

7

Static

static

3

Ableton_KeyGen.exe

windows10-2004-x64

7

$TEMP/BASSMOD.dll

windows10-2004-x64

1

$TEMP/R2RLIVE2.dll

windows10-2004-x64

3

$TEMP/bgm.xm

windows10-2004-x64

1

$TEMP/keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    74s
  • max time network
    75s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ableton_KeyGen.exe

  • Size

    823KB

  • MD5

    4071527ad1bca5989a6618ecb5fcbcff

  • SHA1

    96fd30d34fbe253308692c9f68ecfc10262fca78

  • SHA256

    979a66f347df50eea02a69e44985585a1c13d9ed93c63f65ed241dcc142064ae

  • SHA512

    a6840c0826bece62dc06294c023c1829e3d3fcbe7749c061dbba6139eab557349f4aa0659244d03d03a587683f49a136b6efcbaf81311fbc4d6dd423c4b4e261

  • SSDEEP

    24576:XYkcL5bjSJcsTU2WQZDEBq5RndwceTrAHmRuTjq:okA5jSJPTUYEB+feGzTjq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 33 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ableton_KeyGen.exe
    "C:\Users\Admin\AppData\Local\Temp\Ableton_KeyGen.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      C:\Users\Admin\AppData\Local\Temp\keygen.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4916
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x500 0x508
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\R2RLIVE2.dll
    Filesize

    90KB

    MD5

    3ca4451d558602c81380dfc1d22a71c5

    SHA1

    83222d82d15c0b088422f2d5be707500dcb9fed3

    SHA256

    a446a90d6873b1fbe20d9ba00ce730012260d8ec8ffd538a98fc61b632b11d96

    SHA512

    377a93342369d9455df86e49a1b8a40ecfddf5a3db052721baed2530d3d7c21afacf7a9ea58e1b50f56e675d06fd215a8707df529f1bd4312f43714aa44e61ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bgm.xm
    Filesize

    1.0MB

    MD5

    eac249a6cbd92e5a744f1921261b4134

    SHA1

    3c1be061f209bf9cef151399f896a1e7927bb2cb

    SHA256

    9ae311e672f224a27350dd37cce871187377531741df048082b9cb680cd12882

    SHA512

    3cdb465c746c816b5f9badbe10020a636aca694c1992e076cb251f81ba9cca158ba5455587d0bb966743b943ce88ad0c99c74d39664c55723e169d070a799459

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    Filesize

    442KB

    MD5

    f6b07dc43d3c4f489e95e05b6857425c

    SHA1

    8eee74c99659b4095646705a6f34913658518739

    SHA256

    780a30ea7a71707e5d49253f2687fc19e5ec31cca9311df48f16b7aa61a97433

    SHA512

    0bd9feb7827728ee0b72355641d4d569ac982478ec8fe58bc7e3aa0ccf219605fd4a68408ba7d0d0d5fb681f6aea1e978eb4e96359498dbeeed14f7e1c873b37

    Download Submit

  • memory/4916-6-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/4916-14-0x00000000008C0000-0x00000000008DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4916-11-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4916-17-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4916-18-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4916-19-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4916-20-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4916-21-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download