f777af867c1b91cbbb3020c2533b19df0c5c340baf840980bea6ec25f8bf28d7

General

Target

Setup Studio One 5 v5.1.0.exe
Size

129.5MB
MD5

15b43bd6ad25da3f9d5613a8b2f8a343
SHA1

aadc9f027164eb2b7a3b7f17e1c0b5245380a444
SHA256

f777af867c1b91cbbb3020c2533b19df0c5c340baf840980bea6ec25f8bf28d7
SHA512

d2edd7ef26545d8e9b6def9628eb3f0e508d2eca1941e3106d178e5158098545c6557fd505fbea458a7581c1e1b8be1e51604440fd792578c81625c4758796ec

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

3892 Setup Studio One 5 v5.1.0.tmp

Loads dropped DLL 5 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid	process
3892	Setup Studio One 5 v5.1.0.tmp
3892	Setup Studio One 5 v5.1.0.tmp
3892	Setup Studio One 5 v5.1.0.tmp
3892	Setup Studio One 5 v5.1.0.tmp
3892	Setup Studio One 5 v5.1.0.tmp

Drops file in Program Files directory 1967 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

description	ioc	process
File created	C:\Program Files\PreSonus\Studio One 5\license\is-B2J26.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\license\is-P5ETA.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Expander\Instruments\is-F16NG.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mojito\is-N42ED.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\RedlightDist\is-IO9I2.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\is-LEAUB.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Behringer\BCR2000\is-JU5Q9.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\languages\is-FJEI8.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Console Shaper\is-EURFV.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Room Reverb\is-HGNG5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Edirol\PCR-1\is-B0M3S.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Compressor\Drums\is-6PPLK.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Compressor\Vocals\is-K6L1T.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\Compressor Tube\is-VN57J.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Templates\is-SIE02.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mojito\is-7391Q.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Room Reverb\is-JJ1AO.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\Plugins\audiocodec.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Acorn Instruments\MasterKey 49\is-ACVMH.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Analog Delay\is-A7FQG.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Native Instruments\Komplete Kontrol\Keyboard\is-KOI54.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Ampire\Experimental\is-FKLLF.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Autofilter\is-N4L29.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Autofilter\is-MEER3.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Phaser\Guitar\is-TCGBE.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Pro EQ\Instruments\is-3RSGP.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\FaderPort 8+16\skin\images\is-NDGN7.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Poly\is-KKJ41.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Mackie\Control\skin\is-J0S35.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\FX Chains\Guitar\is-T9P0B.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Multi Instrument\Layer\is-1H9IG.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Multiband Dynamics\Master\is-1B712.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Multiband Dynamics\Tool\is-9BCV5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Bass\is-N0TPA.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Plugins\is-41H5R.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Autofilter\is-IA08B.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Channel Strip\Drums\is-Q80IS.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Fat Channel\Guitar\is-H7BUF.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\3rd party\gwlangsv.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Mackie\Control\skin\is-4U46U.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\ATOM\ATOM SQ\skin\images\is-2LVSK.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\FaderPort (2018)\is-GL9SV.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\FX Chains\Mastering\is-B38CR.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Groove Delay\is-5VT1U.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Drum\is-BKQVI.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\PreSonus\ATOM\ATOM SQ\skin\images\is-A6TPI.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Multiband Dynamics\Mix\is-V1FNU.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\RedlightDist\is-7U837.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Evolution\eKeys37\is-LRV02.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\FX Chains\Vocals\is-V6HS4.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Mai Tai\Strings\is-07LVF.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\M-Audio\Axiom\is-6P1E5.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Arpeggiator\is-BCGDV.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Channel Strip\Vocals\is-SGUTP.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Expander\General Use\is-DDDH2.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Multiband Dynamics\Mix\is-43135.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Phaser\Guitar\is-MKE1P.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\Plugins\hybrideffects.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\Edirol\PCR-300\is-CQC15.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\FX Chains\Drums\is-4QNVT.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Gate\Instruments\is-T6597.tmp	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\Presets\PreSonus\Compressor\Drums\is-S1AB7.tmp	Setup Studio One 5 v5.1.0.tmp
File opened for modification	C:\Program Files\PreSonus\Studio One 5\Plugins\synth.dll	Setup Studio One 5 v5.1.0.tmp
File created	C:\Program Files\PreSonus\Studio One 5\devices\M-Audio\Oxygen\is-CBE7O.tmp	Setup Studio One 5 v5.1.0.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

3892 Setup Studio One 5 v5.1.0.tmp
3892 Setup Studio One 5 v5.1.0.tmp
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

3892 Setup Studio One 5 v5.1.0.tmp
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Setup Studio One 5 v5.1.0.tmp

pid process

3892 Setup Studio One 5 v5.1.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Setup Studio One 5 v5.1.0.exe

description	pid	process	target process
PID 1144 wrote to memory of 3892	1144	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1144 wrote to memory of 3892	1144	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp
PID 1144 wrote to memory of 3892	1144	Setup Studio One 5 v5.1.0.exe	Setup Studio One 5 v5.1.0.tmp

C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1144

C:\Users\Admin\AppData\Local\Temp\is-1DDQ2.tmp\Setup Studio One 5 v5.1.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1DDQ2.tmp\Setup Studio One 5 v5.1.0.tmp" /SL5="$20120,135223530,401920,C:\Users\Admin\AppData\Local\Temp\Setup Studio One 5 v5.1.0.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3892

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-1DDQ2.tmp\Setup Studio One 5 v5.1.0.tmp
MD5
fc809e529045b95f153064607f4490a5

SHA1
79e6edab31167500db7ec34f206f8560ad9b528e

SHA256
9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

SHA512
35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1DDQ2.tmp\Setup Studio One 5 v5.1.0.tmp
MD5
fc809e529045b95f153064607f4490a5

SHA1
79e6edab31167500db7ec34f206f8560ad9b528e

SHA256
9cedc0126ddf43441ad80ea65a5dcef5c99e33ef30cfd9fff626e6f30fc7a668

SHA512
35c853853b0aff4ae556a8bf73be5fca5508310c9d61bba5c1d637a2a403a51a8b01c576812f263f715b11f55ed5c226ea8eeed3cb4f0eca623be9595d9b663d

Download Submit
\Users\Admin\AppData\Local\Temp\is-BS7T8.tmp\ISSKINU.DLL
MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-BS7T8.tmp\ISSKINU.DLL
MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-BS7T8.tmp\R2RINNO.dll
MD5
0f8bbab51c5f70093b7ed7dd825d68e8

SHA1
a96809560b3e9001124083937a339cf2453a94c8

SHA256
7fc4fa7f5cea34df0a6733527081886cfb1c49b369df2db454de87cc4e70bdb5

SHA512
7b824ad5d7ec786535106d98bc80c9350f35ac2b76d7ee20163e90becf076dfeaca4732c0ecbe2d3d84a2efef337c380d5548ca0123e69e66e30bb396f0b9b81

Download Submit
\Users\Admin\AppData\Local\Temp\is-BS7T8.tmp\SKIN.CJSTYLES
MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
\Users\Admin\AppData\Local\Temp\is-BS7T8.tmp\SKIN.CJSTYLES
MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
memory/3892-0-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads