General
- Target: FLStudioProducerEdition20.9.2Build2963x64.exe
- Size: 925.4MB
- Sample: 230402-1bdbfaag66
- MD5: e3648934dd4c0a9cf55c65b43589ea20
- SHA1: a0de76b361de029e7fbe6e4e98119c2c61ae0c72
- SHA256: 1297055d140872135a9db59d7da9472c13ba8eedf7a6c2b8e8b5524deb45acff
- SHA512: 945b97f795d8544d5afefaf782d48c27b220530a0b081e5b49baef9a344c78c774cde8c4f1e8ec33c719b233e38135e11d619034ac9587499071f06fc2a14cbf
- SSDEEP: 25165824:dSvjg2/biUX4lzey/4F3XtuWXIqMgHJE1/GUWo1mF5j68kJ:dSgkFyv/4FQW4qVE1GUZ1mFE8kJ
Static task: static1
Behavioral task: behavioral1
- Sample: FLStudioProducerEdition20.9.2Build2963x64.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Target: FLStudioProducerEdition20.9.2Build2963x64.exe
- Size: 925.4MB
- MD5: e3648934dd4c0a9cf55c65b43589ea20
- SHA1: a0de76b361de029e7fbe6e4e98119c2c61ae0c72
- SHA256: 1297055d140872135a9db59d7da9472c13ba8eedf7a6c2b8e8b5524deb45acff
- SHA512: 945b97f795d8544d5afefaf782d48c27b220530a0b081e5b49baef9a344c78c774cde8c4f1e8ec33c719b233e38135e11d619034ac9587499071f06fc2a14cbf
- SSDEEP: 25165824:dSvjg2/biUX4lzey/4F3XtuWXIqMgHJE1/GUWo1mF5j68kJ:dSgkFyv/4FQW4qVE1GUZ1mFE8kJ
Score: 10/10
Behavioral signatures
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Possible privilege escalation attempt
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Checks system information in the registry: system information is often read in order to detect sandbox environments.
- Drops file in System32 directory