eed77a0d124320fbab4a58a57660065ad951a4714484957ad3edb5e9ad147fd7 | Triage

Submit
Reports

Overview

overview

Static

static

3

Melodyne.5...io.exe

windows7-x64

Melodyne.5...io.exe

windows10-2004-x64

7

Sharing

General

Target

Melodyne.5.3.1.018-Studio.exe
Size

45.7MB
Sample

231101-nfzzsafe4x
MD5

a93f14ba5bfd0dbbfdd0e40fe91f1fb3
SHA1

944cedfc9dfdd1076d61372e987070793d92ab8e
SHA256

eed77a0d124320fbab4a58a57660065ad951a4714484957ad3edb5e9ad147fd7
SHA512

ea2f4b2d1861949c8a53ea83bcd2c20031e03957f25c4f98be60767cc9fa1e7eaaa8ca7197c24d0b5e1758f4c73c521880663a5092f35a1d926801a24f3d2959
SSDEEP

786432:nKcjxZnQ9h7ECuJ26BPRQxZ61ETScGhRV3DR4t4+figspx+UIDgRA7GFD78F4IAJ:KcvQh7E9JJB+x0eQV3dr+foHWGFXxke

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Melodyne.5.3.1.018-Studio.exe

Resource

win7-20231023-en

discovery evasion persistence trojan upx

windows7-x64

26 signatures

300 seconds

Behavioral task

behavioral2

Sample

Melodyne.5.3.1.018-Studio.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

2 signatures

300 seconds

Malware Config

Targets

- Target
  
  Melodyne.5.3.1.018-Studio.exe
- Size
  
  45.7MB
- MD5
  
  a93f14ba5bfd0dbbfdd0e40fe91f1fb3
- SHA1
  
  944cedfc9dfdd1076d61372e987070793d92ab8e
- SHA256
  
  eed77a0d124320fbab4a58a57660065ad951a4714484957ad3edb5e9ad147fd7
- SHA512
  
  ea2f4b2d1861949c8a53ea83bcd2c20031e03957f25c4f98be60767cc9fa1e7eaaa8ca7197c24d0b5e1758f4c73c521880663a5092f35a1d926801a24f3d2959
- SSDEEP
  
  786432:nKcjxZnQ9h7ECuJ26BPRQxZ61ETScGhRV3DR4t4+figspx+UIDgRA7GFD78F4IAJ:KcvQh7E9JJB+x0eQV3dr+foHWGFXxke
Score

10^/10

discovery evasion persistence trojan upx
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies Windows Defender notification settings
  evasion trojan
- Modifies security service
  evasion
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy