9520d8db7ed585a6a68711aa26b9ca565c0c09a3274ea39168cf8f7732fa31c0

Resubmissions

03/03/2023, 06:07

230303-gvgy7afh5x 9

03/03/2023, 06:03

230303-gsfcksgd64 1

03/03/2023, 05:58

230303-gpdpksfh4v 7

03/03/2023, 05:55

230303-gmxpnsgd56 7

Analysis

max time kernel
128s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2023, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RadioBOSS_6.2.4.2/radioboss_setup_6.2.4.2_x64.exe
Size

35.8MB
MD5

f1a71910d9f05e56f21e5c4e5321ea02
SHA1

be4ac8e874614e4ffd4aafc7f2e9b35b6f1bfb28
SHA256

f66722f101920c6de52bc9b20cd5f3fe14db00e4e8007edf418678bf8197afda
SHA512

bd5aee9ddb2eed2d85ef8ef22f169f58c7f445766eeb60996bb9e9fe882ecd4eb83052ce597501ebbf6a14e40775c109aeb3ccda5296207a983b66228a5c8224
SSDEEP

786432:lOHIhav4EctmtB39Owwwqnn8sN7N3uXGmg8tra:lOHIhav4p8HNOp88ZeXG6tra

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2924	radioboss_setup_6.2.4.2_x64.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\RadioBOSS\Style\Black\is-8RFT6.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\2x\is-P3DGU.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Set 1\is-L59DJ.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Set 2\is-HP088.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\is-R0JA1.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Br\is-A6I7S.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\No\is-Q3T6L.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Tr\is-18MF4.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\is-9K434.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Black\is-BUKDI.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\2x\is-02JE4.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Flat Color\is-JDN19.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Flat Color\is-GD4S0.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Fr\is-EQM4G.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\2x\is-I6QVN.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\is-UTQFL.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Flat Color\is-3PVRA.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\is-3A4LB.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Set 3\is-VRM5T.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\is-MFCR7.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\2x\is-EJ2E1.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\is-HBOQD.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\2x\is-P5OAV.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Presets\Equalizer\is-94DFI.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Redist\VB-CABLE\is-FSM1V.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\u_feedback.dll	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\Lang\Gr\help.chm	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Fr\is-T0TNC.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Presets\AutoAmp\is-8HPGC.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\Lang\Ro\help.chm	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\2x\is-0HT3T.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\is-1FSRJ.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Black\is-GSPP9.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Black\is-C5VVN.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\Plugins\basscd.dll	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Ru\is-NP6HU.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Presets\Jingles\is-IU6V2.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Redist\VB-CABLE\is-R6HVD.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\Lang\Nl\help.chm	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Plugins\is-C3C9H.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\2x\is-7O80G.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\2x\is-HTSUK.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Legacy\is-7D705.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\2x\is-SBLPP.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Set 2\is-MKVPS.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\7za.exe	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Bg\is-4FP0Q.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Ca\is-DE5SP.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Gr\is-4LDEC.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Set 2\is-FQ55I.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\SoundTouch.dll	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Br\is-HT4H2.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Lang\Gr\is-PSEMB.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Flat Gray\is-QSDSF.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Set 1\is-JPC2R.tmp	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\unins000.dat	radioboss_setup_6.2.4.2_x64.tmp
File opened for modification	C:\Program Files\RadioBOSS\Plugins\basshls.dll	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Center\is-7OQ2L.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Legacy\is-BTKU5.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\is-VARN8.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Flat Color\is-305A2.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\2x\is-T0PF8.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\Style\Minimal\2x\is-3VOGQ.tmp	radioboss_setup_6.2.4.2_x64.tmp
File created	C:\Program Files\RadioBOSS\is-TIEPD.tmp	radioboss_setup_6.2.4.2_x64.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2924	radioboss_setup_6.2.4.2_x64.tmp
2924	radioboss_setup_6.2.4.2_x64.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2924	radioboss_setup_6.2.4.2_x64.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2924	1100	radioboss_setup_6.2.4.2_x64.exe	86
PID 1100 wrote to memory of 2924	1100	radioboss_setup_6.2.4.2_x64.exe	86
PID 1100 wrote to memory of 2924	1100	radioboss_setup_6.2.4.2_x64.exe	86

C:\Users\Admin\AppData\Local\Temp\RadioBOSS_6.2.4.2\radioboss_setup_6.2.4.2_x64.exe
"C:\Users\Admin\AppData\Local\Temp\RadioBOSS_6.2.4.2\radioboss_setup_6.2.4.2_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Users\Admin\AppData\Local\Temp\is-BS405.tmp\radioboss_setup_6.2.4.2_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BS405.tmp\radioboss_setup_6.2.4.2_x64.tmp" /SL5="$D0054,36566931,1069568,C:\Users\Admin\AppData\Local\Temp\RadioBOSS_6.2.4.2\radioboss_setup_6.2.4.2_x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\RadioBOSS\Lang\Br\is-A6I7S.tmp

Filesize
3.9MB

MD5
b236ad1728627e91cff6a81030aa2549

SHA1
2598b4c6eb86cdbcf2b6f93211c49caf68db1a9d

SHA256
e8094b0e81b3c167b2b5078def8599c915286838244f04af27f03ce09d6c08b6

SHA512
1fccde9dc4ea8ead138db581272e373d3687f5cfb0e6836ee39f7f851153ef9092ae2346cf2a676c0bac4816ca916f16ce51e30a6c6e17af970182ed3b635471

Download Submit
C:\Program Files\RadioBOSS\Style\Set 1\is-KNG74.tmp

Filesize
40B

MD5
20ffe6db2ae36f6b2cb0572abd04584b

SHA1
a8f7599314d1fa0b587760ec128e4ba63455849d

SHA256
5814fb99d2616ba5beb5de695617ea4100f7b6208515b55995544ed19d6e985e

SHA512
87ebd2ce53a0ba7cd2fa57659e6d57a7d190ff28299cc8001e6d8ee5ef5c5075121cecb1df957549ba5ea16c0d1305e9e9efaa0df4030e94e0538f233f1d4e4b

Download Submit
C:\Program Files\RadioBOSS\radioboss_launcher.exe

Filesize
592KB

MD5
807c54ce9e32a0f6065b4d806864a5e0

SHA1
5da66595a352dd94a1bb54ac8f19dd38e7a0c3d3

SHA256
c04879c8d8f88142da5176d0792efcb1d9f453017f905fcb6b35588a01f1a9f4

SHA512
e70ac993ac6258b02e9b8e4e51dd3a11c15e55152902e195ac9c883761aacfeb9b6490fd8dc9bd70484081b72c7ea9abf36ffa734c6aa63b941e4c9930fb70b3

Download Submit
C:\Program Files\RadioBOSS\u_feedback.dll

Filesize
1.5MB

MD5
f2feac1449145c88f6639b50795c7aae

SHA1
e003f3b759d7907931703670fc69db766c72d775

SHA256
330480ac09844dc6a4f2c87d2fad0a7972617599bb057e7979dd6d7f22710ef1

SHA512
404fd22daf71b797603fb8ad0a85fff42831df5548bbd37682702703b833645d3132669c0fc2b6c7cfdd7bdeadd4d49360e7efa522bb4eb537a31b8cfb410412

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BS405.tmp\radioboss_setup_6.2.4.2_x64.tmp

Filesize
3.3MB

MD5
830e93873039294d7480b2901cb7ae55

SHA1
732b6d59af42388fd456da9a81aa83b6cd17053e

SHA256
ff268aecd5b7d29f3f87067ba65edc8a9ac98fc0580c2a071ddcf8d5c5d90621

SHA512
695869a980ede17ad045cb60ab70109d779be7fbfe6299017ed67199c894a937ef7bc3a35aab3e0afefc38885887f2630470c1ac37be0d2898f96efd1c58affe

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BS405.tmp\radioboss_setup_6.2.4.2_x64.tmp

Filesize
3.3MB

MD5
830e93873039294d7480b2901cb7ae55

SHA1
732b6d59af42388fd456da9a81aa83b6cd17053e

SHA256
ff268aecd5b7d29f3f87067ba65edc8a9ac98fc0580c2a071ddcf8d5c5d90621

SHA512
695869a980ede17ad045cb60ab70109d779be7fbfe6299017ed67199c894a937ef7bc3a35aab3e0afefc38885887f2630470c1ac37be0d2898f96efd1c58affe

Download Submit
memory/1100-1381-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1100-139-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1100-133-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1100-142-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/2924-140-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/2924-190-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/2924-143-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1378-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1380-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/2924-138-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download