1654f1f78d746fc87a6f6d078a8f928ea61c7b49997b1f2c07dfc870f8fa6c10

Analysis

max time kernel
23s
max time network
19s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01/04/2023, 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

reaplugs236_x64-install.exe
Size

1.1MB
MD5

5035be3cb0843c4e4267da0294ca6c22
SHA1

aff349dddb84833e4be2146de83507cf09633100
SHA256

1654f1f78d746fc87a6f6d078a8f928ea61c7b49997b1f2c07dfc870f8fa6c10
SHA512

633f4480be58db63553e96a38ae73252faef958d3d00bace408ee13a816ca0d1e4f606e6ecb965b2cb41d85d44cce7ca718d378bbb1cd79692bb1ae67b8c2d6c
SSDEEP

24576:aeD6G2yeNBACnrL+ZVa2ajmYKS7mJQbm7ZHK3Y:8G2yCACnN5jmZS7mJQS7ZHGY

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\midi\sequencer_megababy	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\badbussmojo_aa	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\rbj1073	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_scales\Melodic Minor.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\guitar\phaser	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\loopsamplers\loopsampler-granul	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\loser\SP1LimiterJS	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\loser\amplitudeModulator	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\seqbaby_data\_Default Kit.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Liteon\vumetergfxsum	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\ix\MIDI_Velocifier II	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\eventhorizon2	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_sequences\2 - Accent on 1.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\cockos_hslider.bmp	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\guitar\wah	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\synthesis\sine_sweep	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_scales\Pentatonic Major.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\utility\chanmix2	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Teej\rbj4eq-teej	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Till\Transient-driven Auto-Pan v1.0 (Master)	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\chorus_stereo	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\stereowidth	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Liteon\vumetergfx	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\midi\midi_arp	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\remaincalm_org\paranoia_mangler	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\amp_models\Fender Deluxe - Marshall Stock 70.wav	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\ix\MIDI_Wobulator	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_scales\Pentatonic Minor.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Teej\rbj4notch-teej	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\guitar\chorus	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\ix\MIDI_Tool	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\ix\MIDI_Variant	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_sequences\3 - Accent on 3.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\amp_models\Dumble Overdrive Special - Tweed Deluxe.wav	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\reacomp-standalone.dll	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\analysis\gfxscope	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\filters\mdct-filter	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\3x3_6dbSlope	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\rbj7eq	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\amp_models\Fender Bassman - Tweed Champ.wav	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\reaxcomp-standalone.dll	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\loser\gfxGoniometer	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\loser\phaseMeter	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\expressbus	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\midi\drumtrigger	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\midi\midi_transpose	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\remaincalm_org\tonegate	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\chorus	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\Data\GM.reabank	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Liteon\rbjstereofilter12db	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\delay\delay_chfun	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\guitar\distortion	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\sstillwell\louderizer	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\utility\volume_pan	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_scales\Whole Tone.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\reajs_info.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Till\Transient-driven Auto-Pan v1.1 (Slave)	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Liteon\applefilter12db	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\midi\sequencer_baby_v2	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\reacontrolmidi-standalone.dll	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\schwa\fft_splitter	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Data\ix_scales\Major.txt	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\utility\phase_adjust	reaplugs236_x64-install.exe
File created	C:\Program Files\VSTPlugins\ReaPlugs\JS\Effects\Liteon\tilteq	reaplugs236_x64-install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\reaplugs236_x64-install.exe
"C:\Users\Admin\AppData\Local\Temp\reaplugs236_x64-install.exe"
1⤵
- Drops file in Program Files directory
PID:4024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...