e646e4c479f3853cf334daea1e93c147b4162e54e75a331d69c39e36096666cf

Analysis

max time kernel
369s
max time network
1821s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
18/09/2023, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com/Setup.exe
Size

665.2MB
MD5

5abd31b7dd5f8a4ae3256b2f7213ba79
SHA1

480a2b42eb2853c98bea98d7fa1f3b3fe5001bef
SHA256

44714b38f203b1f68a58ab845cef2001fa3e4a547fc7795e08f6a858ba236351
SHA512

281b8c99e905ac5ba1b6276c7fdbd34d67d792e2e22d7b1664b440f665c05533c7f072062b94d1d4153153451279487513d7346eaa10d2ff35f28bf8d70c515d
SSDEEP

12582912:WzcpUZPxP2Zw1OpFCIxMsQBOh65yzqwtXc1lxF9OBZhBuC/aa4oJW/VKa5VBy8:0c2ZpPK1h2ymwts1l3KLaa4oJe

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe
4864	Setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\FrancoisOne.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Khand-Light.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\OpenSans-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Ubuntu-R.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\DirectWaveCtEngine.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\ILRemoteServer_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\ILRemoteServer.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\JosefinSans-SemiBold.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Share-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Ubuntu_Condensed\UFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\DelZip64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\DirectWaveCtEngine_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Revalia\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Roboto_Condensed\LICENSE.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Elastique.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\wavpackdll_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\sveng32.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Reverb_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\oggio.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\ILMinihostBridge32.exe	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\UbuntuCondensed-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\REX Shared Library_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Khand\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\PT Sans\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\DelZip190.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\QuickFontCache_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Italianno\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Josefin_Sans\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\REX Shared Library.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\RobotoCondensed-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\WebSymbols-Regular.otf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Cuprum\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\WebSymbols-Regular\SIL Open Font License.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\OpenSans-CondBold.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\OpenSans-Light.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\wavpackdll.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\OpenSans-CondLight.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\PT_Sans-Web-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\dsp_ippv2_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\elastique_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\svctl64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\freetype_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Oswald-Light.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\PT_Sans-Narrow-Web-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Francois One\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\uninstall.exe	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\LAMEenc_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Reverb.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\ILGlyphsEx.ilfont	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\ILPluginScanner64.exe	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Cuprum.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\steam_api64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\svctl32.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Italianno-Regular.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Share\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\ILMinihostBridge64.exe	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\SG_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\ILLogos.ilfont	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\RobotoCondensed-Light.ttf	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\Oswald\OFL.txt	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\oggio_x64.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Artwork\Fonts\ILCursors.ilfont	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\SG.dll	Setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\dsp_ippv2.dll	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com\Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb1663.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb1663.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb1663.tmp\UserMgr.dll

Filesize
55KB

MD5
74813d238f84d5c0f5328bd7ba79537a

SHA1
5aeecd94f0902bad1572fd2cceada9ad44af6725

SHA256
54a9ab4ac127d950ad293a71f5a496af3ab09b70aa73839fd0f1c9cbaf35f70e

SHA512
ac7fb85c6375bc3e0e76b535550b604cbad31e69696030314f34e41d3bb5c04411ec826c89885c30556649961d45061f501db6a37a23bb419e4f1e7cea34deff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ioSpecial.ini

Filesize
692B

MD5
bc32d753c723b4d166cbf11517b2de01

SHA1
6a69772daa76480320e6c3bf63ef185076c79534

SHA256
c0bf581cb9494eeeb1e1eab3714962ea2efa1d65b861b7d38aa3383a2299385c

SHA512
1ff42567415427dbe4ef1937e8d3da06f2e76cf5ca5b144405c3f7f5322a10b29c8edde2be5650a9d3dc149fbebf73a9ff529936c99e4147790828266a8cf274

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\ILInstallUtil.dll

Filesize
758KB

MD5
1ba19bce77d24f92634c212242270bcb

SHA1
700c28de0f362a0f94de097a6df63c0b0f174928

SHA256
04bae79d6064552541d54bf83065c2bd28e535f11a16a798fc24e83b6834c1a7

SHA512
da5b05fb73f3075009cf57658192d2279a568619390071c69c2a98135f81f7f24b39e67b3a9e3d608893ce8004371e17a5395121002e876972e209bd7bd012db

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\UAC.dll

Filesize
13KB

MD5
431e5b960aa15af5d153bae6ba6b7e87

SHA1
e090c90be02e0bafe5f3d884c0525d8f87b3db40

SHA256
a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13

SHA512
f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\UserMgr.dll

Filesize
55KB

MD5
74813d238f84d5c0f5328bd7ba79537a

SHA1
5aeecd94f0902bad1572fd2cceada9ad44af6725

SHA256
54a9ab4ac127d950ad293a71f5a496af3ab09b70aa73839fd0f1c9cbaf35f70e

SHA512
ac7fb85c6375bc3e0e76b535550b604cbad31e69696030314f34e41d3bb5c04411ec826c89885c30556649961d45061f501db6a37a23bb419e4f1e7cea34deff

Download Submit
\Users\Admin\AppData\Local\Temp\nsb1663.tmp\UserMgr.dll

Filesize
55KB

MD5
74813d238f84d5c0f5328bd7ba79537a

SHA1
5aeecd94f0902bad1572fd2cceada9ad44af6725

SHA256
54a9ab4ac127d950ad293a71f5a496af3ab09b70aa73839fd0f1c9cbaf35f70e

SHA512
ac7fb85c6375bc3e0e76b535550b604cbad31e69696030314f34e41d3bb5c04411ec826c89885c30556649961d45061f501db6a37a23bb419e4f1e7cea34deff

Download Submit
memory/4864-97-0x0000000005170000-0x000000000518E000-memory.dmp

Filesize
120KB

Download
memory/4864-119-0x00000000051B0000-0x000000000527A000-memory.dmp

Filesize
808KB

Download
memory/4864-82-0x0000000005170000-0x000000000523A000-memory.dmp

Filesize
808KB

Download