f777af867c1b91cbbb3020c2533b19df0c5c340baf840980bea6ec25f8bf28d7

Resubmissions

03-11-2020 12:42

201103-ye573c9e42 8

03-11-2020 12:37

201103-cc58f8xvj6 8

Analysis

max time kernel
38s
max time network
29s
platform
windows7_x64
resource
win7v20201028
submitted
03-11-2020 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup Studio One 5 v5.1.0.exe
Size

129.5MB
MD5

15b43bd6ad25da3f9d5613a8b2f8a343
SHA1

aadc9f027164eb2b7a3b7f17e1c0b5245380a444
SHA256

f777af867c1b91cbbb3020c2533b19df0c5c340baf840980bea6ec25f8bf28d7
SHA512

d2edd7ef26545d8e9b6def9628eb3f0e508d2eca1941e3106d178e5158098545c6557fd505fbea458a7581c1e1b8be1e51604440fd792578c81625c4758796ec

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmpStudio One.exe

pid process

2000 Setup Studio One 5 v5.1.0.tmp
2040 Studio One.exe

pid	process
2000	Setup Studio One 5 v5.1.0.tmp
2040	Studio One.exe

Loads dropped DLL 16 IoCs

Processes:

Setup Studio One 5 v5.1.0.exeSetup Studio One 5 v5.1.0.tmpStudio One.exe

pid	process
1096	Setup Studio One 5 v5.1.0.exe
2000	Setup Studio One 5 v5.1.0.tmp
2000	Setup Studio One 5 v5.1.0.tmp
2000	Setup Studio One 5 v5.1.0.tmp
2000	Setup Studio One 5 v5.1.0.tmp
2000	Setup Studio One 5 v5.1.0.tmp
2000	Setup Studio One 5 v5.1.0.tmp
1248
1248
1248
1248
1248
1248
2040	Studio One.exe
2040	Studio One.exe
2040	Studio One.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2368 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

description	ioc	process
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Poly\is-E01RT.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mixverb\is-NIKJ2.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Repeater\Sequence\is-DCD04.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\M-Audio\X-Session Pro\is-OQ6MD.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Chorus\Guitar\is-RKI04.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\Guitar\is-9F4GQ.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Bass\is-L93E0.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Bass\is-4QVS4.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\ATOM\ATOM SQ\is-5I2UD.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\FaderPort 8+16\is-TEINT.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Analog Delay\is-0IJ3K.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Chorus\is-16VKF.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Pad\is-OI26S.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Phaser\Guitar\is-J00T0.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\cclnet.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\Qwerty\is-CR000.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Groove Delay\is-677LN.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Chorus\is-H77VI.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\EQ Passive\is-9EUKC.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\FX Chains\Vocals\is-H4UVT.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Pro EQ\Misc\is-EIC5A.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\ucnet.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\Qwerty\skin\is-KG80Q.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Pedalboard\Guitar\is-9QI6S.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Pro EQ\Drums\is-KD6TE.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\X-Trem\is-4JEIF.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\FX Chains\Send\is-2CBA3.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mixverb\is-1IO06.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Pedalboard\Keys\is-T72FF.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\templates\is-EUSUC.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\clicks\is-C390K.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Analog Delay\is-OP5ER.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Autofilter\is-AEUOO.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\CME\Xkey\is-KQ6DO.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Native Instruments\Maschine\is-ABCOI.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\FaderPort\is-0DDIB.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mojito\is-SFJ53.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Pro EQ\Misc\is-VHMBR.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\Plugins\chordengine.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\M-Audio\Axiom Pro\is-D5MMC.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Bitcrusher\is-C41SE.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\Compressor Tube\is-FEDJ5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Phaser\is-7VQAE.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Flanger\is-49NFF.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Flanger\Guitar\is-RSJ9P.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mixtool\is-I6CTN.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Doepfer\PocketFader\is-PVPF6.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Mackie\Control\skin\is-NPB8B.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Compressor\Drums\is-VEOE5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Compressor\Drums\is-E2C7V.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Compressor\Drums\is-7ANNT.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mojito\is-GVIQG.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\RedlightDist\is-QQR6M.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Rotor\is-J1MN5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\templates\is-2QMNO.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\license\is-SDLT5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\EQ Passive\is-0TQ28.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\User Presets\Color Schemes\Light Scheme\is-SN980.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\templates\is-VR27T.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\EQ Vintage\is-A3CRH.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Groove Delay\is-0HGFI.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mojito\is-PVLM9.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mojito\is-HKL3S.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\RedlightDist\is-TA4GV.tmp	Setup Studio One 5 v5.1.0.tmp

Modifies registry class 142 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.license	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.macropage	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusMultitrackFile\shell	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusMusicloopFile\ = "PreSonus Multitrack File"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.install	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusCaptureSession\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,3"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusInstallFile\ = "PreSonus Installation File"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusInstallFile\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,8"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusInstallFile\shell\ = "open"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneShortcutsFile\ = "Studio One Keyboard Shortcuts"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneProject\ = "Studio One Project"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneSoundSetFile\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\studioone\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneSoundSetFile\shell\ = "open"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneSong\shell	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.click\ = "StudioOneClickFile"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.preset\ = "StudioOnePreset"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.song	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.song\ = "StudioOneSong"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneSong\shell\open\command\ = "\"C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe\" \"%1\""	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusAudioloopFile\ = "PreSonus Audioloop"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneClickFile\ = "Studio One Metronome Preset"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneColorScheme\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,15"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneLicenseFile\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,6"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.capture\ = "PreSonusAudioloopFile"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.instrument	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneLicenseFile	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneProject\shell\open\command	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneSong\shell\open	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.install\ = "PreSonusInstallFile"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneColorScheme	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneMultiPreset	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusMusicloopFile\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,13"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.quantize	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneSoundSetFile\shell\open\command\ = "\"C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe\" \"%1\""	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusAudioloopFile\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,12"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.audioloop	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.project	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pitchlist	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneMacroFile\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusCaptureSession\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneColorScheme\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusInstallFile\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.studioonemacro	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.colorscheme\ = "StudioOneColorScheme"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.capture	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusInstallFile\shell	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneShortcutsFile\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.license\ = "StudioOneLicenseFile"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.musicloop	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOnePreset\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,4"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneProject\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,2"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\studioone\DefaultIcon\ = "\"C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe\" \"%1\""	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.songtemplate\ = "StudioOneSong"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneClickFile	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusInstallFile\shell\open\command	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.instrument\ = "StudioOneMultiPreset"	Setup Studio One 5 v5.1.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneMacroPage\DefaultIcon\ = "C:\\Program Files\\PreSonus\\Studio One 5\\Studio One.exe,17"	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusMusicloopFile\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneQuantizeFile	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StudioOneQuantizeFile\DefaultIcon	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\studioone	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PreSonusCaptureSession	Setup Studio One 5 v5.1.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.multitrack	Setup Studio One 5 v5.1.0.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

2000 Setup Studio One 5 v5.1.0.tmp
2000 Setup Studio One 5 v5.1.0.tmp
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

2000 Setup Studio One 5 v5.1.0.tmp
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

2000 Setup Studio One 5 v5.1.0.tmp

pid	process
2000	Setup Studio One 5 v5.1.0.tmp
2000	Setup Studio One 5 v5.1.0.tmp

pid	process
2000	Setup Studio One 5 v5.1.0.tmp

pid	process
2000	Setup Studio One 5 v5.1.0.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Setup Studio One 5 v5.1.0.exe

description	pid	process	target process
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1096 wrote to memory of 2000	1096	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp

C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1096

C:\Users\Admin\AppData\Local\Temp\is-9P2Q2.tmp\Setup Studio One 5 v5.1.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9P2Q2.tmp\Setup Studio One 5 v5.1.0.tmp" /SL5="$20158,135223530,401920,C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Program Files\PreSonus\Studio One 5\Studio One.exe
"C:\Program Files\PreSonus\Studio One 5\Studio One.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2040

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
C:\Program Files\PreSonus\Studio One 5\cclgui.dll
MD5
13fad42bf615a89cb1e240cd1af49905

SHA1
41c9c368568c1ed8b2a3d87a1036a8593cfe64ce

SHA256
663b777962e9aba1ea189aee5edca08b1cd0085fdffd2ab22c225d74899c0a7d

SHA512
ed79a48735156b4000729736a65c2ece1d849322ed17ef2b9a0e5f90cb23c578b0e1b1317c6610607d2a093eb395e098efff907e0b8939d28c72267a5d40bd42

Download Submit
C:\Program Files\PreSonus\Studio One 5\cclsystem.dll
MD5
0642e65dc102644e2737f15cf8fac9b2

SHA1
4880f5820af38a7152fbef63dfa8552bd029c57a

SHA256
932a884e0d84e43700b4f86df099cd9317e5423f155868b9fab0b47780bd9368

SHA512
b2dca4c5014be391ca242fe2465f8b0001a6f9162905b3befec8b7dbdc1a9d32121ef8637b1daac970f26e8cefb5958b13f914de8c320f5a2e07a1446e152f3c

Download Submit
C:\Program Files\PreSonus\Studio One 5\ccltext.dll
MD5
6e7de425e858f7367c6577fa89572e3c

SHA1
1c1eaf6a857418c6b44d985c5f6ac33ee71e6ff4

SHA256
89cf73b88cc10ce74251deec4bec9ad4ca4cf9c5a9d44825bde7604cdd83f741

SHA512
38873671c542b844205558eb0a62294275fbf0ce1e2058d8aaca0971c9cabc51ec5df8ef168dcd15a465c414c65c99dc132fdd1f461d7b8d76abf0e9299cd7f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9P2Q2.tmp\Setup Studio One 5 v5.1.0.tmp
MD5
fc809e529045b95f153064607f4490a5

SHA1
79e6edab31167500db7ec34f206f8560ad9b528e

SHA256
9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

SHA512
35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9P2Q2.tmp\Setup Studio One 5 v5.1.0.tmp
MD5
fc809e529045b95f153064607f4490a5

SHA1
79e6edab31167500db7ec34f206f8560ad9b528e

SHA256
9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

SHA512
35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\Studio One.exe
MD5
058f122c348f673a582773041fcf8420

SHA1
f00c6a64b3c94285cc0701dac3565b6f76f08679

SHA256
47f63885ebab308f0c44cce6270994acf9c86d00cc4d7968e7ff80f13a897746

SHA512
0ed4e48cc51b8fca8fe9e6b2dad51c11ab071f9dae3cf09461ca137f24cd22c82e7ceca185751f2f4052f85d0a3ec45d1c87d0912ce5652077f90505e8a38ff5

Download Submit
\Program Files\PreSonus\Studio One 5\cclgui.dll
MD5
13fad42bf615a89cb1e240cd1af49905

SHA1
41c9c368568c1ed8b2a3d87a1036a8593cfe64ce

SHA256
663b777962e9aba1ea189aee5edca08b1cd0085fdffd2ab22c225d74899c0a7d

SHA512
ed79a48735156b4000729736a65c2ece1d849322ed17ef2b9a0e5f90cb23c578b0e1b1317c6610607d2a093eb395e098efff907e0b8939d28c72267a5d40bd42

Download Submit
\Program Files\PreSonus\Studio One 5\cclsystem.dll
MD5
0642e65dc102644e2737f15cf8fac9b2

SHA1
4880f5820af38a7152fbef63dfa8552bd029c57a

SHA256
932a884e0d84e43700b4f86df099cd9317e5423f155868b9fab0b47780bd9368

SHA512
b2dca4c5014be391ca242fe2465f8b0001a6f9162905b3befec8b7dbdc1a9d32121ef8637b1daac970f26e8cefb5958b13f914de8c320f5a2e07a1446e152f3c

Download Submit
\Program Files\PreSonus\Studio One 5\ccltext.dll
MD5
6e7de425e858f7367c6577fa89572e3c

SHA1
1c1eaf6a857418c6b44d985c5f6ac33ee71e6ff4

SHA256
89cf73b88cc10ce74251deec4bec9ad4ca4cf9c5a9d44825bde7604cdd83f741

SHA512
38873671c542b844205558eb0a62294275fbf0ce1e2058d8aaca0971c9cabc51ec5df8ef168dcd15a465c414c65c99dc132fdd1f461d7b8d76abf0e9299cd7f6

Download Submit
\Program Files\PreSonus\Studio One 5\unins000.exe
MD5
24fb165f1896a1fe070ca711ff101e31

SHA1
73581efe1bb07c228eb27818540117b3bea669ce

SHA256
8d92f46b835c3b8a8a22b2c17bbf59246d49fe745a064c6e744e5d36f152a278

SHA512
664c6049fdd71af3835de352611f3e4282fbdaafba2c3db86b0c1ed5707799f86fae8db3bd49ada34ab96ad53b6b79c5fd63a95fcc0efe5e1d6b70a0e2eefc96

Download Submit
\Users\Admin\AppData\Local\Temp\is-9P2Q2.tmp\Setup Studio One 5 v5.1.0.tmp
MD5
fc809e529045b95f153064607f4490a5

SHA1
79e6edab31167500db7ec34f206f8560ad9b528e

SHA256
9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

SHA512
35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

Download Submit
\Users\Admin\AppData\Local\Temp\is-P4CL7.tmp\ISSKINU.DLL
MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-P4CL7.tmp\R2RINNO.dll
MD5
0f8bbab51c5f70093b7ed7dd825d68e8

SHA1
a96809560b3e9001124083937a339cf2453a94c8

SHA256
7fc4fa7f5cea34df0a6733527081886cfb1c49b369df2db454de87cc4e70bdb5

SHA512
7b824ad5d7ec786535106d98bc80c9350f35ac2b76d7ee20163e90becf076dfeaca4732c0ecbe2d3d84a2efef337c380d5548ca0123e69e66e30bb396f0b9b81

Download Submit
\Users\Admin\AppData\Local\Temp\is-P4CL7.tmp\SKIN.CJSTYLES
MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
memory/2000-1-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads