4aa2f937edd661a5a3762c25d129d27085562e816e03a7063a5f43446608a730

General

Target

7d180125f28a3625c407fee1767c0df3.exe
Size

9.7MB
MD5

b48e8f6cd5f6b0785d39274d0633801d
SHA1

7fea985ab3d94abc817360c280a09c59a6b59f58
SHA256

4aa2f937edd661a5a3762c25d129d27085562e816e03a7063a5f43446608a730
SHA512

32cdb545541acd24a5b878c4c81e70cd2d63542697fce0dc363cadb317a1714bf028b4ad78dc7c1c57db08940e215150f96f6687098970f1ac54c0c7884529ec

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmpUdioConverter.exe

pid process

1516 7d180125f28a3625c407fee1767c0df3.tmp
912 UdioConverter.exe

pid	process
1516	7d180125f28a3625c407fee1767c0df3.tmp
912	UdioConverter.exe

Loads dropped DLL 4 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.exe7d180125f28a3625c407fee1767c0df3.tmp

pid	process
1904	7d180125f28a3625c407fee1767c0df3.exe
1516	7d180125f28a3625c407fee1767c0df3.tmp
1516	7d180125f28a3625c407fee1767c0df3.tmp
1516	7d180125f28a3625c407fee1767c0df3.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 184 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmp

description	ioc	process
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-0OCVG.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-3IJNO.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-Q62BN.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\is-0AGTU.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\MAC.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\VorbisGain.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-NK8TP.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-NMME7.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\sox\is-2B6IR.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-5CL1U.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\is-7DAE5.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\is-HGVMD.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flac.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-09QDN.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-HAA2S.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-C80DA.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\is-55I74.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-01BJI.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-TN1Q6.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-LI4ET.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-N8VQI.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\ffmpeg\is-N209N.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\src\fhgaacenc\is-HIB2F.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-DI1OR.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\is-MTA6M.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\ttaenc\is-FSJD9.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bass.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\basswasapi.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-38NGH.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-BHSLA.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-IGC7M.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-DQFQC.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-GDU9R.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-5P8OA.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-RITPU.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\oggenc2.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-LQCBF.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-R6A4H.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\src\is-9M2P5.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-4C011.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\wvunpack.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-8RARO.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-T47U8.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\is-VHO2J.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\is-2O3DQ.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\wavpack.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\basswv.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-C1K7K.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-VG8HN.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\sox\is-GVE2E.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bassenc.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\OptimFROG.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\CUETools.Codecs.FLACCL.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\src\fhgaacenc\is-IIA3T.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\opusenc.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bassmix.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-GGJEM.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-0B7RU.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-TFFGJ.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-MPBI0.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-IMCCF.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bassflac.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\CUETools.Codecs.FLAKE.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\OpenCLNet.dll	7d180125f28a3625c407fee1767c0df3.tmp

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmpUdioConverter.exe

pid process

1516 7d180125f28a3625c407fee1767c0df3.tmp
1516 7d180125f28a3625c407fee1767c0df3.tmp
912 UdioConverter.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmp

pid process

1516 7d180125f28a3625c407fee1767c0df3.tmp

pid	process
1516	7d180125f28a3625c407fee1767c0df3.tmp
1516	7d180125f28a3625c407fee1767c0df3.tmp
912	UdioConverter.exe

pid	process
1516	7d180125f28a3625c407fee1767c0df3.tmp

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.exe7d180125f28a3625c407fee1767c0df3.tmp

description	pid	process	target process
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1904 wrote to memory of 1516	1904	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 1516 wrote to memory of 912	1516	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe
PID 1516 wrote to memory of 912	1516	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe
PID 1516 wrote to memory of 912	1516	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe
PID 1516 wrote to memory of 912	1516	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe

C:\Users\Admin\AppData\Local\Temp\7d180125f28a3625c407fee1767c0df3.exe
"C:\Users\Admin\AppData\Local\Temp\7d180125f28a3625c407fee1767c0df3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1904

C:\Users\Admin\AppData\Local\Temp\is-3G5OI.tmp\7d180125f28a3625c407fee1767c0df3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3G5OI.tmp\7d180125f28a3625c407fee1767c0df3.tmp" /SL5="$50156,9852964,58368,C:\Users\Admin\AppData\Local\Temp\7d180125f28a3625c407fee1767c0df3.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1516

C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
"C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe" 7d180125f28a3625c407fee1767c0df3.exe
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:912

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
MD5
ada6ffe2d5feac62c6d71379cbca677f

SHA1
6ab66f0c0f239a2f0534ebda6ae097bf2ce6c02d

SHA256
4edb495fb84dc4ba5b2cd7896d83908c2ea0df4da8b1f601ae2ce17bc54c5096

SHA512
502dff71ca0ba0f3af47acf12a2b43aa43ce6008cfc0554d912015fc3a296a09cf95dd6890f6641ca3036e7c8b77e4521bf284903fb760dafb3223d23c2a806d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3G5OI.tmp\7d180125f28a3625c407fee1767c0df3.tmp
MD5
cf03b2ebd31db778f46ca4e77fe6f68b

SHA1
01804b307afd53b4f98b731595c66a2779eb5262

SHA256
98df318c044a7501d784c5771b285cdf35cefaf1b01968d5f39aee4734b0dcab

SHA512
05e2fbea6d73ff9fb284723bcde31c52bc3955c40c675e606cb2fe9ca52a49d88920e0a9bdd9f00361fc06a7562e7c3623235d4364e528f1d37297cb3e524744

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3G5OI.tmp\7d180125f28a3625c407fee1767c0df3.tmp
MD5
cf03b2ebd31db778f46ca4e77fe6f68b

SHA1
01804b307afd53b4f98b731595c66a2779eb5262

SHA256
98df318c044a7501d784c5771b285cdf35cefaf1b01968d5f39aee4734b0dcab

SHA512
05e2fbea6d73ff9fb284723bcde31c52bc3955c40c675e606cb2fe9ca52a49d88920e0a9bdd9f00361fc06a7562e7c3623235d4364e528f1d37297cb3e524744

Download Submit
\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
MD5
ada6ffe2d5feac62c6d71379cbca677f

SHA1
6ab66f0c0f239a2f0534ebda6ae097bf2ce6c02d

SHA256
4edb495fb84dc4ba5b2cd7896d83908c2ea0df4da8b1f601ae2ce17bc54c5096

SHA512
502dff71ca0ba0f3af47acf12a2b43aa43ce6008cfc0554d912015fc3a296a09cf95dd6890f6641ca3036e7c8b77e4521bf284903fb760dafb3223d23c2a806d

Download Submit
\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
MD5
ada6ffe2d5feac62c6d71379cbca677f

SHA1
6ab66f0c0f239a2f0534ebda6ae097bf2ce6c02d

SHA256
4edb495fb84dc4ba5b2cd7896d83908c2ea0df4da8b1f601ae2ce17bc54c5096

SHA512
502dff71ca0ba0f3af47acf12a2b43aa43ce6008cfc0554d912015fc3a296a09cf95dd6890f6641ca3036e7c8b77e4521bf284903fb760dafb3223d23c2a806d

Download Submit
\Users\Admin\AppData\Local\Temp\is-3G5OI.tmp\7d180125f28a3625c407fee1767c0df3.tmp
MD5
cf03b2ebd31db778f46ca4e77fe6f68b

SHA1
01804b307afd53b4f98b731595c66a2779eb5262

SHA256
98df318c044a7501d784c5771b285cdf35cefaf1b01968d5f39aee4734b0dcab

SHA512
05e2fbea6d73ff9fb284723bcde31c52bc3955c40c675e606cb2fe9ca52a49d88920e0a9bdd9f00361fc06a7562e7c3623235d4364e528f1d37297cb3e524744

Download Submit
\Users\Admin\AppData\Local\Temp\is-GFIJR.tmp\_isetup\_iscrypt.dll
MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/912-7-0x0000000000000000-mapping.dmp

Download
memory/912-10-0x0000000006530000-0x0000000006541000-memory.dmp

Filesize
68KB

Download
memory/912-9-0x0000000006120000-0x0000000006131000-memory.dmp

Filesize
68KB

Download
memory/1516-1-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads