f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9

Resubmissions

28/11/2023, 22:01

231128-1xdt4ach93 10

28/11/2023, 21:22

231128-z763yscg9v 10

Analysis

max time kernel
93s
max time network
34s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/11/2023, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup Audiolens v1.2.0.exe
Size

393.0MB
MD5

352aab786d3b494caab56cccef691058
SHA1

f091676fb82583eb779f9c9d11d3ab97aa64b509
SHA256

f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
SHA512

55ac7b48dee59fb6d7b91060f7eee72bef3a5d246297fe04b172aa49dcefd0a7b18ede77361bbcc8899428b796cd87577f611517becc99bcdab72a1f5dc7ebc8
SSDEEP

12582912:5k0n3GZbJ9CkdaR/+znK/g8EVk6qSHMHvvw1zRcKMeeHkVshmWubL:KuYbJ97aMTK/gNVTqCMnyuP7HkV3tL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2612	Setup Audiolens v1.2.0.tmp

Loads dropped DLL 11 IoCs

pid	Process
2772	Setup Audiolens v1.2.0.exe
2612	Setup Audiolens v1.2.0.tmp
2612	Setup Audiolens v1.2.0.tmp
2612	Setup Audiolens v1.2.0.tmp
2612	Setup Audiolens v1.2.0.tmp
2612	Setup Audiolens v1.2.0.tmp
2612	Setup Audiolens v1.2.0.tmp
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\unins000.dat	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\is-HQ9LK.tmp	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\is-2B084.tmp	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\win64\is-6OKSP.tmp	Setup Audiolens v1.2.0.tmp
File opened for modification	C:\Program Files\iZotope\Audiolens\unins000.dat	Setup Audiolens v1.2.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2612	Setup Audiolens v1.2.0.tmp
2612	Setup Audiolens v1.2.0.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2612	Setup Audiolens v1.2.0.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2612	Setup Audiolens v1.2.0.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30
PID 2772 wrote to memory of 2612	2772	Setup Audiolens v1.2.0.exe	30

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$70122,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
181.7MB

MD5
d25cc104dc5046c67adb86339c461e28

SHA1
5ac0137835f3bb563741c353396c710c2b31b870

SHA256
c15d4a8c97bf532c1d1ac5c52119d358de2d86ac385da8b42f55facfe0217665

SHA512
0a3f22a772745fd0d540be4f4bbbe48d7d6abe15fafbaa24d0652af2944ab906f618fa75455b91715599200ebd45740513cca3ebf6b35d00af2f21c0945f70d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
\Program Files\iZotope\Audiolens\unins000.exe

Filesize
1.2MB

MD5
497ac9f4ac3c9cd160441bcc116ccd2f

SHA1
3bacb9522b2c6bb125b7f49121e90367b8bff0b3

SHA256
a372248c9f39f2c6ec456f582702a8b9f2af629b74cd7c220621b0a631762e7c

SHA512
82cd25f063361e18fd5fce6fef5b7645ad0a592745cf66da72a30672313382b0ff5185aef33c674016c70442b1c46e98e427743257e40033ee586a14f77d1f59

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
201.9MB

MD5
2e682d268f1a21a0023d0eb8e445baa3

SHA1
0f218a80b267a8ad0dd2d94b39506f6391069683

SHA256
d02ff3983269455f78869004b0df331aaf1c7ac1a8d4749e010a113634286332

SHA512
9e0099928d0f42388a6048c726e1f37553a4b69c62427c014cc60360bf0d4fa8bb345d1ea005ac9f333be46a0f8bc17f2d2acc2bfbcdd51b8639a92bad01f760

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
212.8MB

MD5
6d570a17255afc052dba8c71650e064b

SHA1
92be959ddd74e63b27548e9e92e0d17e9a339e4c

SHA256
ed203b5f2b93f3e13ea0ab23f1c28baf0738dd1fb9c77067903ec66e39052be9

SHA512
d3f34a24aba464c4013fe672f6425e0eb23d35392431ee87995de821f2460409cb6811de88efe7d8737fe409189c2d622021d7ea0d612b6693a6c87559d6a339

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
179.8MB

MD5
930c9184e9aa0ea113d8428736a1cc95

SHA1
1fe77b9a4cdeede9a60be43728ff3d417a02d884

SHA256
cbed872c64c347c425cef867d85d3ce2ae04c6a7e4e37fdb08ba24ac901c6c76

SHA512
38bcad71f8aa441be63f06cf086368cacd2b0a9c65368e59697f4a0f52776f794acdabb46fa3a691f6cf8a6909919a1a60b68b24639ccb14a7705dc18c558a34

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
175.4MB

MD5
bc97b9e481159952fd0a98926f62dd9a

SHA1
dff540065092813912fff98342a24904ea260a42

SHA256
e49993b168727eb461cfceaba005dbe5e404365b8d60cfc5715560259b2808a9

SHA512
c6086e6d0a5023ef99e6e5f75040bff488fb868a5bd9033cd72964e9ff4c198cb287976de98e772b47bea0fcd60e2e1d774426aaa540fef02a7391343ffab7fd

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
181.3MB

MD5
60600b2eb05d222d5408799583304ae0

SHA1
bd3bfec8e38109866f63b7b4757c5c942bd576b5

SHA256
bf1765f143dc4d1718151b0fba016549281338a72343f7b09bcaee5d820bbbfc

SHA512
98bc0f1b0a5e6aa6ff8529485cd8ec14e7aa43df4f2a31ba7c7645c799b1f9984331d893db3dbca7cb4ca15c16d3f0896eedafa0dadb339a5ce7c28d5a64e1ff

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
178.9MB

MD5
9ee17c6bbf54facd038e3a10bfabaaec

SHA1
f6f4bb4aaf46cf9c2cb4f66f72eaf55cc35b4568

SHA256
65e39227d205bb48dafec4cdcb4df0a939ba89e96ad2ea4be5e22347f861ea85

SHA512
d05a68d362a356ee9ba0a925334910861bd8a891b19e61d7de67f08c65a67c67875269a9c596a29955bed2c6539c79f0e93361a102ea8e6179565f6ae5e2d4e2

Download Submit
\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\R2RINNO.dll

Filesize
4KB

MD5
5df8ada84a16f5dfc24096ef90a5ce3a

SHA1
5e7e9c68119c3a0a1afc92c60674bc8714492823

SHA256
48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b

SHA512
661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

Download Submit
\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/2612-55-0x00000000752C0000-0x0000000075360000-memory.dmp

Filesize
640KB

Download
memory/2612-63-0x0000000076510000-0x0000000076593000-memory.dmp

Filesize
524KB

Download
memory/2612-29-0x00000000762C0000-0x00000000762EA000-memory.dmp

Filesize
168KB

Download
memory/2612-30-0x00000000742B0000-0x00000000742E2000-memory.dmp

Filesize
200KB

Download
memory/2612-31-0x0000000074130000-0x0000000074225000-memory.dmp

Filesize
980KB

Download
memory/2612-32-0x00000000767B0000-0x000000007694D000-memory.dmp

Filesize
1.6MB

Download
memory/2612-34-0x0000000074E60000-0x0000000074EEF000-memory.dmp

Filesize
572KB

Download
memory/2612-33-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2612-35-0x0000000074AC0000-0x0000000074C1C000-memory.dmp

Filesize
1.4MB

Download
memory/2612-36-0x00000000752C0000-0x0000000075360000-memory.dmp

Filesize
640KB

Download
memory/2612-37-0x00000000749C0000-0x00000000749C9000-memory.dmp

Filesize
36KB

Download
memory/2612-38-0x0000000074770000-0x000000007490E000-memory.dmp

Filesize
1.6MB

Download
memory/2612-39-0x0000000074EF0000-0x0000000074F47000-memory.dmp

Filesize
348KB

Download
memory/2612-41-0x0000000076700000-0x000000007677B000-memory.dmp

Filesize
492KB

Download
memory/2612-40-0x0000000075360000-0x0000000075FAA000-memory.dmp

Filesize
12.3MB

Download
memory/2612-44-0x0000000076510000-0x0000000076593000-memory.dmp

Filesize
524KB

Download
memory/2612-45-0x0000000074510000-0x0000000074548000-memory.dmp

Filesize
224KB

Download
memory/2612-46-0x00000000744F0000-0x0000000074507000-memory.dmp

Filesize
92KB

Download
memory/2612-47-0x0000000074380000-0x000000007449F000-memory.dmp

Filesize
1.1MB

Download
memory/2612-49-0x0000000074230000-0x0000000074269000-memory.dmp

Filesize
228KB

Download
memory/2612-48-0x00000000742B0000-0x00000000742E2000-memory.dmp

Filesize
200KB

Download
memory/2612-50-0x0000000074130000-0x0000000074225000-memory.dmp

Filesize
980KB

Download
memory/2612-51-0x00000000767B0000-0x000000007694D000-memory.dmp

Filesize
1.6MB

Download
memory/2612-52-0x00000000740A0000-0x00000000740D6000-memory.dmp

Filesize
216KB

Download
memory/2612-53-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2612-54-0x0000000074E60000-0x0000000074EEF000-memory.dmp

Filesize
572KB

Download
memory/2612-27-0x0000000074380000-0x000000007449F000-memory.dmp

Filesize
1.1MB

Download
memory/2612-56-0x00000000750F0000-0x000000007518D000-memory.dmp

Filesize
628KB

Download
memory/2612-57-0x0000000074750000-0x0000000074762000-memory.dmp

Filesize
72KB

Download
memory/2612-58-0x0000000074770000-0x000000007490E000-memory.dmp

Filesize
1.6MB

Download
memory/2612-59-0x0000000074EF0000-0x0000000074F47000-memory.dmp

Filesize
348KB

Download
memory/2612-60-0x0000000076700000-0x000000007677B000-memory.dmp

Filesize
492KB

Download
memory/2612-62-0x00000000749D0000-0x00000000749E3000-memory.dmp

Filesize
76KB

Download
memory/2612-28-0x00000000742F0000-0x000000007437C000-memory.dmp

Filesize
560KB

Download
memory/2612-64-0x00000000742F0000-0x000000007437C000-memory.dmp

Filesize
560KB

Download
memory/2612-65-0x00000000742B0000-0x00000000742E2000-memory.dmp

Filesize
200KB

Download
memory/2612-66-0x0000000074230000-0x0000000074269000-memory.dmp

Filesize
228KB

Download
memory/2612-67-0x0000000074130000-0x0000000074225000-memory.dmp

Filesize
980KB

Download
memory/2612-69-0x0000000076780000-0x00000000767A7000-memory.dmp

Filesize
156KB

Download
memory/2612-70-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2612-68-0x00000000767B0000-0x000000007694D000-memory.dmp

Filesize
1.6MB

Download
memory/2612-71-0x00000000752C0000-0x0000000075360000-memory.dmp

Filesize
640KB

Download
memory/2612-72-0x00000000749C0000-0x00000000749C9000-memory.dmp

Filesize
36KB

Download
memory/2612-73-0x0000000074750000-0x0000000074762000-memory.dmp

Filesize
72KB

Download
memory/2612-77-0x0000000076510000-0x0000000076593000-memory.dmp

Filesize
524KB

Download
memory/2612-79-0x00000000742B0000-0x00000000742E2000-memory.dmp

Filesize
200KB

Download
memory/2612-80-0x0000000074230000-0x0000000074269000-memory.dmp

Filesize
228KB

Download
memory/2612-78-0x00000000742F0000-0x000000007437C000-memory.dmp

Filesize
560KB

Download
memory/2612-81-0x0000000074130000-0x0000000074225000-memory.dmp

Filesize
980KB

Download
memory/2612-82-0x00000000767B0000-0x000000007694D000-memory.dmp

Filesize
1.6MB

Download
memory/2612-75-0x0000000074EF0000-0x0000000074F47000-memory.dmp

Filesize
348KB

Download
memory/2612-83-0x00000000740A0000-0x00000000740D6000-memory.dmp

Filesize
216KB

Download
memory/2612-74-0x0000000074770000-0x000000007490E000-memory.dmp

Filesize
1.6MB

Download
memory/2612-84-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2612-8-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2612-16-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2612-280-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2612-25-0x0000000075360000-0x0000000075FAA000-memory.dmp

Filesize
12.3MB

Download
memory/2612-26-0x0000000074510000-0x0000000074548000-memory.dmp

Filesize
224KB

Download
memory/2612-24-0x0000000074EF0000-0x0000000074F47000-memory.dmp

Filesize
348KB

Download
memory/2612-23-0x00000000750F0000-0x000000007518D000-memory.dmp

Filesize
628KB

Download
memory/2612-22-0x00000000752C0000-0x0000000075360000-memory.dmp

Filesize
640KB

Download
memory/2612-21-0x0000000074AC0000-0x0000000074C1C000-memory.dmp

Filesize
1.4MB

Download
memory/2612-20-0x0000000074E60000-0x0000000074EEF000-memory.dmp

Filesize
572KB

Download
memory/2772-279-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2772-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2772-578-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download