Overview

overview

7

Static

static

3

FL Studio ...om.zip

windows10-1703-x64

7

FL Studio ...om.url

windows10-1703-x64

1

FL Studio ...ll.txt

windows10-1703-x64

1

FL Studio ...up.exe

windows10-1703-x64

7

FL Studio ...ey.reg

windows10-1703-x64

1

FL Studio ...en.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    906s
  • max time network
    1819s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/09/2023, 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com/keygen/ImageLine_Keygen.exe

  • Size

    450KB

  • MD5

    55d60d8b7ce85238e6c44e3e7c5c08f7

  • SHA1

    d6817e516242da2c0846b0805e61a6efe7994c9c

  • SHA256

    5a857cb79032f902826103c0ea0e9a3fb8151909834c91b87f0fe55c2118bc99

  • SHA512

    76cf33b5272a9535dbaacde0656e01eb450089285ec032fbbdee6078cfee6cbb07fd2da63e80aa44005af606a604fbed9672e92349aafc892d278ead8b1459ee

  • SSDEEP

    6144:bs92nA8P9tlASRzKW38d3R2IRoczuWxE2R9FxhoEGoYHclMuZdFvgS+vyOTuZQ/M:4c9t2Sll4XeguWWAvGoY8yS+vX/zqn

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 58 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com\keygen\ImageLine_Keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\FL Studio Producer Edition 12.4.2 + Keygen - Crackingpatching.com\keygen\ImageLine_Keygen.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4744
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      C:\Users\Admin\AppData\Local\Temp\keygen.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4132
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3c8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JoyCrypt.dll
    Filesize

    31KB

    MD5

    3d59d68ea2f767fe8a5d3f82a7ad7e9a

    SHA1

    d414dabdfc930624b06d99ae5e68938ded5f0e5a

    SHA256

    3dec22b2a636f161a9e2a077e24150dc5a7c44cbbafef075e8a77fa1b363ad56

    SHA512

    0e3b9e7a28d255ecc5e23368f2123bff3a732301bf734c1d604ba1ced326cc83dbac7f52439bfd717ffe2ae2c4d7be27fbab0d545c71fdd11f45f1a266dfe5d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bgm.xm
    Filesize

    43KB

    MD5

    627442543cdad32f402a563f68957f88

    SHA1

    8487c02bf9e094dcfd8e0d89fe1db063f87553b6

    SHA256

    1795d545cc19effa090ecf5a001515cb2e00bc84e127d9bac7b53de7dc3f3049

    SHA512

    bd8f55f875fbb5a55009790df0cb11fb0018cb8279c61b5586fc0da0353e5dfbf3125328fecb1dad181d950a734f0f05021b862666a213b9b8e17a547fbacbb5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    Filesize

    417KB

    MD5

    937593d2a40690b8bda3cae0b4e1b08b

    SHA1

    65d6a72bd5e5162c43b1efc22314fd927787fcc0

    SHA256

    8bf83eec55b49701e03cd5e0b4eb9681e77732f036f8a854f31ea6de6b27378c

    SHA512

    aaabdb77c3ff8e684b096f003d1d334ae18d9feecfec153d508b3c7fe147d49fd66c8de3939ac76cd7a7cc0a9df03770261aca39f33780e31645a985d4e7380a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    Filesize

    417KB

    MD5

    937593d2a40690b8bda3cae0b4e1b08b

    SHA1

    65d6a72bd5e5162c43b1efc22314fd927787fcc0

    SHA256

    8bf83eec55b49701e03cd5e0b4eb9681e77732f036f8a854f31ea6de6b27378c

    SHA512

    aaabdb77c3ff8e684b096f003d1d334ae18d9feecfec153d508b3c7fe147d49fd66c8de3939ac76cd7a7cc0a9df03770261aca39f33780e31645a985d4e7380a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BASSMOD.dll
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JoyCrypt.dll
    Filesize

    31KB

    MD5

    3d59d68ea2f767fe8a5d3f82a7ad7e9a

    SHA1

    d414dabdfc930624b06d99ae5e68938ded5f0e5a

    SHA256

    3dec22b2a636f161a9e2a077e24150dc5a7c44cbbafef075e8a77fa1b363ad56

    SHA512

    0e3b9e7a28d255ecc5e23368f2123bff3a732301bf734c1d604ba1ced326cc83dbac7f52439bfd717ffe2ae2c4d7be27fbab0d545c71fdd11f45f1a266dfe5d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JoyCrypt.dll
    Filesize

    31KB

    MD5

    3d59d68ea2f767fe8a5d3f82a7ad7e9a

    SHA1

    d414dabdfc930624b06d99ae5e68938ded5f0e5a

    SHA256

    3dec22b2a636f161a9e2a077e24150dc5a7c44cbbafef075e8a77fa1b363ad56

    SHA512

    0e3b9e7a28d255ecc5e23368f2123bff3a732301bf734c1d604ba1ced326cc83dbac7f52439bfd717ffe2ae2c4d7be27fbab0d545c71fdd11f45f1a266dfe5d3

    Download Submit

  • memory/4132-30-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-45-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-11-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-18-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4132-19-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-21-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-24-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-27-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-6-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4132-33-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-36-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-39-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-42-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-14-0x0000000000490000-0x00000000004AD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4132-48-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-51-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-54-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-57-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-60-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-63-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-66-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-69-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-72-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-75-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-78-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-81-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4132-202-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download