8670c3cb8474111050640ba692497fba5dbf8a91e9a2d926e7df11eeb8478820

Resubmissions

22/08/2023, 00:32

230822-avny6sah2t 7

22/08/2023, 00:26

230822-arn5rsag8t 7

22/08/2023, 00:22

230822-any6kahb57 7

Analysis

max time kernel
53s
max time network
18s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/08/2023, 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Audiveris_Setup-5.3.1-windows-x86_64.exe
Size

38.8MB
MD5

fd5c856d579c74c8fc8b115a5ee8fd98
SHA1

fa36b2ddd27e4cad3ad8515e421e6bc61cfb5996
SHA256

8670c3cb8474111050640ba692497fba5dbf8a91e9a2d926e7df11eeb8478820
SHA512

717ade51b5cba72eefd70644d5bdd23121fa5cd797cc88634eb8bac680790bc0a631674ff7887da5ea908a384c878fb9d1355512d41b48c7a3f7f39487048b6a
SSDEEP

786432:BvSfGk7v5NK8OEdGucpO/6i0IPUcc01Vo0jF/ymBWdoicmfu:VSfF7K8OEdtc67PPc0DoMdymAZG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2792	Audiveris_Setup-5.3.1-windows-x86_64.exe
2792	Audiveris_Setup-5.3.1-windows-x86_64.exe

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\tesseract-ocr\tessdata\deu-frak.traineddata	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\bin\icon-256.ico	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\github-api-1.301.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jPodRenderer-5.6.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jai-imageio-core-1.4.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jaxb-core-2.3.0.1.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\proxymusic-4.0.2.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\iscwt-5.6.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jPod-5.6.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jheaps-0.13.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\commons-lang3-3.9.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jama-1.0.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jsr305-3.0.2.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\args4j-2.33.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jai-core-1.1.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jakarta.activation-1.2.2.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jgoodies-looks-2.7.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\logback-core-1.2.10.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File opened for modification	C:\Program Files\Audiveris\Audiveris.url	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\itextpdf-5.5.13.2.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\javacpp-1.5.9.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jaxb-impl-2.3.1.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jaxb-runtime-2.3.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jgoodies-forms-1.9.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files (x86)\tesseract-ocr\tessdata\slk-frak.traineddata	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\bsaf-1.9.2.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jackson-databind-2.13.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\leptonica-1.83.0-1.5.9-windows-x86_64.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\bin\Audiveris.bat	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\com.springsource.javax.media.jai.codec-1.1.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\com.springsource.javax.media.jai.core-1.1.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jakarta.xml.bind-api-2.3.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\commons-io-2.8.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\isrt-4.11.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\javax.activation-api-1.2.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\org.apache.commons.io-2.4.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\tesseract-5.3.1-1.5.9-windows-x86_64.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files (x86)\tesseract-ocr\tessdata\dan-frak.traineddata	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jPodFonts-5.5.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jackson-core-2.13.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\javassist-3.28.0-GA.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jfreechart-1.5.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\txw2-2.3.3.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\uninst.exe	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\istack-commons-runtime-3.0.11.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jackson-annotations-2.13.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jaxb-api-2.3.1.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\leptonica-1.83.0-1.5.9.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\logback-classic-1.2.10.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\reflections-0.10.2.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\eventbus-1.4.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jbig2-5.5.1.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jgoodies-common-1.8.1.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jgrapht-core-1.5.1.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\slf4j-api-1.7.35.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jna-3.2.7.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\tesseract-5.3.1-1.5.9.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\bin\Audiveris	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\audiveris.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\ij-1.53j.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\isfreetype-5.6.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\isnativec-5.6.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe
File created	C:\Program Files\Audiveris\lib\jcip-annotations-1.0.jar	Audiveris_Setup-5.3.1-windows-x86_64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.omr	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.omr\ = "OpticalMusicRecognition_File"	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\ = "open"	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\open\command	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\open	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\DefaultIcon\ = "C:\\Program Files\\Audiveris\\bin\\icon-256.ico"	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\open\command\ = "\"C:\\Program Files\\Audiveris\\bin\\Audiveris.bat\" \"%1\""	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\edit	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\edit\ = "Edit OpticalMusicRecognition_File"	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\ = "OpticalMusicRecognition_File"	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\DefaultIcon	Audiveris_Setup-5.3.1-windows-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\edit\command	Audiveris_Setup-5.3.1-windows-x86_64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OpticalMusicRecognition_File\shell\edit\command\ = "\"C:\\Program Files\\Audiveris\\bin\\Audiveris.bat\" \"%1\""	Audiveris_Setup-5.3.1-windows-x86_64.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 1220	2792	Audiveris_Setup-5.3.1-windows-x86_64.exe	30
PID 2792 wrote to memory of 1220	2792	Audiveris_Setup-5.3.1-windows-x86_64.exe	30
PID 2792 wrote to memory of 1220	2792	Audiveris_Setup-5.3.1-windows-x86_64.exe	30
PID 2792 wrote to memory of 1220	2792	Audiveris_Setup-5.3.1-windows-x86_64.exe	30

C:\Users\Admin\AppData\Local\Temp\Audiveris_Setup-5.3.1-windows-x86_64.exe
"C:\Users\Admin\AppData\Local\Temp\Audiveris_Setup-5.3.1-windows-x86_64.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Program Files\Audiveris\bin\Audiveris.bat""
  2⤵
  PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Audiveris\bin\Audiveris.bat

Filesize
4KB

MD5
5fd93c26998fb295f9e46d90987acd96

SHA1
ba27971ef92b1badb3991acd663fd93919090a4a

SHA256
7a81a8614c96a3d4483bdc7a2b36d61e19909c300a9ab6d72ae5c27d23ebf646

SHA512
fb141848101951cef9aa97c4c5b77f0d1759ed6d6f74f1bc4d84314de65f665fd7c53211b5a16052dc7dccbf84fab3cdb795ed2499631bedb6fdcc33b971c851

Download Submit
C:\Program Files\Audiveris\bin\Audiveris.bat

Filesize
4KB

MD5
5fd93c26998fb295f9e46d90987acd96

SHA1
ba27971ef92b1badb3991acd663fd93919090a4a

SHA256
7a81a8614c96a3d4483bdc7a2b36d61e19909c300a9ab6d72ae5c27d23ebf646

SHA512
fb141848101951cef9aa97c4c5b77f0d1759ed6d6f74f1bc4d84314de65f665fd7c53211b5a16052dc7dccbf84fab3cdb795ed2499631bedb6fdcc33b971c851

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7EA3.tmp\InstallOptions.dll

Filesize
14KB

MD5
8d5a5529462a9ba1ac068ee0502578c7

SHA1
875e651e302ce0bfc8893f341cf19171fee25ea5

SHA256
e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790

SHA512
101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7EA3.tmp\StartMenu.dll

Filesize
7KB

MD5
c275bc6ee70d85aebc2328c06515a2a2

SHA1
0f12e4736eff8f1a1a4c467e2f52eba2dac4e7e6

SHA256
30336c7b09582de438d6c3f561f55366dd7094faf24f34e12df44acf19be9242

SHA512
aeff89ebf093555aeaaa15f86e519523266b08e814578540430b3f2b67c6ad92a8e0072716f8ab80e6afc9a160a7bbaab0800b372107613d78793a9fd0fb9240

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7EA3.tmp\ioSpecial.ini

Filesize
654B

MD5
6c2e67e3e492c8a6a1266916fe0c82ce

SHA1
269205496a51a0f3ba388db0b236c59f39d42706

SHA256
99509a1ea39911e89f02a5f6d87f6188404ca5d71f0562f0c20b2ccfecbc6573

SHA512
f076fa3328eadaaee3667a9b8ea316d3e1080e8ef94b46ab6697526416d1cda519c91622d92469a9fef54b3abf58eb1d5727958f2574b495eed20d7f3d5f4b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7EA3.tmp\ioSpecial.ini

Filesize
681B

MD5
29eca719ddb324944d99d0752b8a8e7e

SHA1
d87bbc3e1e32ad6edb9befe3b4b7a9c744bbc0b5

SHA256
401b8a66ef4d4cda2f8baebeddd73fb243e3e8019db79e7dc94d79f7350cc4dd

SHA512
79ee0f09c8ac6ff2baff3d229e6a378d8067d1f7112e3f3ab9b1a1b66795c0ad0439dd981fccab8134e4d9c7540c91a7807c8cca37e1397e8b196d38fb85c40a

Download Submit
\Users\Admin\AppData\Local\Temp\nso7EA3.tmp\InstallOptions.dll

Filesize
14KB

MD5
8d5a5529462a9ba1ac068ee0502578c7

SHA1
875e651e302ce0bfc8893f341cf19171fee25ea5

SHA256
e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790

SHA512
101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

Download Submit
\Users\Admin\AppData\Local\Temp\nso7EA3.tmp\StartMenu.dll

Filesize
7KB

MD5
c275bc6ee70d85aebc2328c06515a2a2

SHA1
0f12e4736eff8f1a1a4c467e2f52eba2dac4e7e6

SHA256
30336c7b09582de438d6c3f561f55366dd7094faf24f34e12df44acf19be9242

SHA512
aeff89ebf093555aeaaa15f86e519523266b08e814578540430b3f2b67c6ad92a8e0072716f8ab80e6afc9a160a7bbaab0800b372107613d78793a9fd0fb9240

Download Submit