bd599fe01019469d0f408733761a9785c65281d5a870eec8088472e81fa0f65b

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
Size

476KB
MD5

55ce9a9a56208d47a508f277af4a1f84
SHA1

353b99a87e7ba8e0c9866e9bf5bc7a56628a3cba
SHA256

bd599fe01019469d0f408733761a9785c65281d5a870eec8088472e81fa0f65b
SHA512

dd93b798c29a5b502980256f5619c97b56c43003d8ca19dfc0c916bdfaf4c09f5f0941f9be2e4ace6a71f639bf47303d08d54aa8888bb8a7b125e08cd9f8da13
SSDEEP

3072:AkBGWOsTIJgIDU5A/cto68pMABlZQ2wpFD0raM6GYDxJ0yQfxJG:A1ssjn5Mp2w7g+MbSt

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3368	VoiceAI-Installer.exe

Loads dropped DLL 7 IoCs

pid	Process
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
3368	VoiceAI-Installer.exe
3368	VoiceAI-Installer.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Voice.ai\VoiceAILib.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\libsamplerate.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\gu.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\zh-CN.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\en-US.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\pt-BR.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\CefSharp.Core.Runtime.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\am.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\cs.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\nb.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\ta.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\CefSharp.WinForms.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\Newtonsoft.Json.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\libgpg-error.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\el.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\et.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\sw.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\th.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\hu.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\libmp3lame.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\fa.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\fi.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\hostpolicy.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\ml.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\sl.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\sv.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\DriverManager.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\hostfxr.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\libsamplerate-0.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\version	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\newtonsoft.json.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\zh-TW.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\NAudio.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\onnxruntime.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\ca.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\lv.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\libcef.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\uk.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\mr.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\da.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\hr.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\pl.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\devcon.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\cefsharp.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\v8_context_snapshot.bin	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\DirectML.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\libsndfile.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\naudio.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\bn.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\id.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\lt.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\AudioPX.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\onnxruntime_providers_shared.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\discord_game_sdk.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\opensource\swipe.txt	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\ru.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\vi.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\gcrypt.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\sr.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\dbgshim.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\locales\kn.pak	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\VoiceAI-Installer.exe	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
File created	C:\Program Files\Voice.ai\BugSplatRc.dll	VoiceAI-Installer.exe
File created	C:\Program Files\Voice.ai\libEGL.dll	VoiceAI-Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x00060000000231db-166.dat	nsis_installer_1
behavioral2/files/0x00060000000231db-166.dat	nsis_installer_2
behavioral2/files/0x00060000000231db-167.dat	nsis_installer_1
behavioral2/files/0x00060000000231db-167.dat	nsis_installer_2

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 3368	2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe	91
PID 2528 wrote to memory of 3368	2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe	91
PID 2528 wrote to memory of 3368	2528	Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe	91

C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe
"C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader-alphaver-99d554b88e234fdfa56cfcaf5b1012bf.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files\Voice.ai\VoiceAI-Installer.exe
  "C:\Program Files\Voice.ai\VoiceAI-Installer.exe" /path "C:\Program Files\Voice.ai"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Voice.ai\VoiceAI-Installer.exe

Filesize
463.8MB

MD5
2333b85dceb453aa5d75e6446f08fa71

SHA1
ed312e5e9ae59f092c0ce81398e0c5518410b158

SHA256
2c341a160299718162a670fd9c167d47802e6defc1c68dafea37c22c9fd60700

SHA512
6cbec67241d61e357d7bb49eb2361206c0363f5424639e1805dfdbf7864fd4ba4b9f2a246d69783352a9aa254c6a43a10085b428c9646c2ae51ffc114c1c7078

Download Submit
C:\Program Files\Voice.ai\VoiceAI-Installer.exe

Filesize
458.1MB

MD5
fdb94a7e93d45dcb0c00caac60f70c75

SHA1
08e7ee76b3e7215d58acd3f2044d64fc69aeef9c

SHA256
725fb8a1b6a796def03ff694e2cab2606c66f06d4089b95965046d0c131f23d0

SHA512
f9e06e7588708b47f82e166893e5e8ac11e2b257cd9ac07ecd69a2f0bcc28ba9aeeece1d9755493b26992be5b85704f1dc9f43fd72f34919b001abbabda6a75a

Download Submit
C:\Program Files\Voice.ai\meta

Filesize
65B

MD5
fc930b4218f438c9cd3fc2ec3c1fff6c

SHA1
aeb643d571546c226def0e784414e3ca9db9f986

SHA256
dbec607d945b604b12c22af1fa8a6511e6b4103c341445134690af04a839d2f3

SHA512
9a6e09f191fa3955c7d6113021d3da985f1b823cc092820c2540121145af0243ed07eea56ed59fa22fac75b60d140117e8b9f6a18f34da8c96d3723323e53843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f80541dc364db162b71f1e10258a1eb7

SHA1
c3af695c7ee7d56a8c2b338a2e0c6b673a0f4673

SHA256
3e48f77217f74f77eecc99e6d63f772916ac154d606487f26cdf5c38653422e3

SHA512
40307c6cede8db77a3a9bceb9d067b00434dc796c0d1d139b6ec7c98133f389655829fd55194d312555926b62e08e69a15b2a827130199d6155711059d166baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
cfbc16e33dcbef6f773f0f79af528f45

SHA1
ecb8d5e8107bc671dd57fb2a137c00bffa419f1f

SHA256
f0937890fb1053069baac97b7992c6d22cb74cae20317fc05d51070d96950ffa

SHA512
59ac2ead1eb84edffb06867850beb1e63f72c5b5415abd2fd4e7c2a1922c368f612d2a0288c00e32d5da47c4a77968ffbe72660a8d1f577f44fb20df9c11a4af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d3aa6be60362b9be1cef74fe9514eacc

SHA1
fc0cce887c9fd9073f2ca92601de75a65ebf0011

SHA256
831ce29e53cd211fcb7cc0f8cb78831fe314a33a0b75a6f90daeeb709db1a770

SHA512
dbb74d09c2cf6fd020003c19be8ba92914639c5446c71af556b7d10476b6a5a109520a38e22064dd1371f160a601270ea819dd93d8aaba141244403750e39bac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
ba6ce45708b4169777fefb7131cd6f15

SHA1
ca018f8459157f3d201ff53f264a8c671acb24fb

SHA256
d00679e830f45b4de5e247ee12a854745f8e132a13e2eb9131ec7a9c91b8ccc9

SHA512
7e9971baec9f4bdc71f50c4814f1dab02261469dc47d84d538a5f33be7689c607e2fa1e069534c58af5ce15baba6172194aacb7fde1bf33e5cf97791a479a4e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqECB3.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqECB3.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqECB3.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqECB3.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqECB3.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqECB3.tmp\nsProcess.dll

Filesize
4KB

MD5
05450face243b3a7472407b999b03a72

SHA1
ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

SHA256
95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

SHA512
f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss9487.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss9487.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss9487.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit