f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9

Resubmissions

28-11-2023 22:01

231128-1xdt4ach93 10

28-11-2023 21:22

231128-z763yscg9v 10

Analysis

max time kernel
115s
max time network
26s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
28-11-2023 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup Audiolens v1.2.0.exe
Size

393.0MB
MD5

352aab786d3b494caab56cccef691058
SHA1

f091676fb82583eb779f9c9d11d3ab97aa64b509
SHA256

f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
SHA512

55ac7b48dee59fb6d7b91060f7eee72bef3a5d246297fe04b172aa49dcefd0a7b18ede77361bbcc8899428b796cd87577f611517becc99bcdab72a1f5dc7ebc8
SSDEEP

12582912:5k0n3GZbJ9CkdaR/+znK/g8EVk6qSHMHvvw1zRcKMeeHkVshmWubL:KuYbJ97aMTK/gNVTqCMnyuP7HkV3tL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1588	Setup Audiolens v1.2.0.tmp

Loads dropped DLL 11 IoCs

pid	Process
1776	Setup Audiolens v1.2.0.exe
1588	Setup Audiolens v1.2.0.tmp
1588	Setup Audiolens v1.2.0.tmp
1588	Setup Audiolens v1.2.0.tmp
1588	Setup Audiolens v1.2.0.tmp
1588	Setup Audiolens v1.2.0.tmp
1588	Setup Audiolens v1.2.0.tmp
1264	Process not Found
1264	Process not Found
1264	Process not Found
1264	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\iZotope\Audiolens\unins000.dat	Setup Audiolens v1.2.0.tmp
File opened for modification	C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\unins000.dat	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\is-I1C5Q.tmp	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\is-MNHGE.tmp	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\win64\is-1CIRS.tmp	Setup Audiolens v1.2.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1588	Setup Audiolens v1.2.0.tmp
1588	Setup Audiolens v1.2.0.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1588	Setup Audiolens v1.2.0.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1588	Setup Audiolens v1.2.0.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28
PID 1776 wrote to memory of 1588	1776	Setup Audiolens v1.2.0.exe	28

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$120150,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
52.6MB

MD5
fd2e39e9a3f96c8f14dfad04a5305662

SHA1
4633965765660d40cdb18941b1efa367c2cae136

SHA256
f39ae3d0e1d14efac537a421d949e13815ee5d2ac2abb408ce1f576f6807b4ec

SHA512
d2dd9a0e790f971f01b3a97813dd596c85f6622ac6352995998b4b49f45d8bac174a985461ad93c4b361c0c9643585d5509a4cbc1317607f2782e46f66475ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
\Program Files\iZotope\Audiolens\unins000.exe

Filesize
1.2MB

MD5
497ac9f4ac3c9cd160441bcc116ccd2f

SHA1
3bacb9522b2c6bb125b7f49121e90367b8bff0b3

SHA256
a372248c9f39f2c6ec456f582702a8b9f2af629b74cd7c220621b0a631762e7c

SHA512
82cd25f063361e18fd5fce6fef5b7645ad0a592745cf66da72a30672313382b0ff5185aef33c674016c70442b1c46e98e427743257e40033ee586a14f77d1f59

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
54.3MB

MD5
d640a9467fa97b64387369104206114f

SHA1
6e32ba4b4bead3e24d1bef8ade3b2723d8ef268a

SHA256
394ab0be90220adec1ccded17e44198b5ba4d20bbe149317526660b4e6713a92

SHA512
b1dbe5e7a14c986a22bee9e79f4e5e2bea8ac1db56b533456f3fd5791eea1a92dd985b8c2c255645d1245633b31ee4ec6118d7df65837b0cd36a0b25311c4c6b

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
53.7MB

MD5
495fee171ebcd42a49f4ee0b1bcfa882

SHA1
bc477f81a8ebd9fe16409cb7634cf3a572c87d68

SHA256
8f51f5b4196a5394d5df518d96a5ee02671372320f16b1175363b8da0aaba963

SHA512
4a6623d7b5bb330b01a80c0e96dbb301de0082bc0366c34b9835dba819716d1e6415703ac3a22928014d75f966384b62bda084264e6cde075f2c0f7f6bfdf669

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
25.5MB

MD5
0b1519977eecde62bd58f1067e5ea97b

SHA1
1c255b3f84e95480d24328a21470c4013af1788e

SHA256
ebe96e4b1c6bbad3cc99af9941e09ad334504d0b220c37f3fd488a8570f9756a

SHA512
908a89b5a8d09a5c1b219e8dcbb5718c2a4a81762c8311f85c3951386917685500448540c68530922259333b30595f9df575db12af15222cb4ef1e4dd34a44af

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
25.3MB

MD5
a2baa37aa92cdfc935dffcf7653a4877

SHA1
931ea2828ae7327111aa8d97d4e801786140c1d8

SHA256
134ce0af3cd4885f1f9b369b268234864d149c89f21b8c70f5be1d3854db0225

SHA512
652a2e98f3c916a0da30df125e9596c62f8cb87d7c08fad50fe2aba12ccb1c417cbdbb3657f39f15e6e4aea74e9accff12a3a30b8499a8ac25ac59f810a01e0b

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
25.2MB

MD5
783f5b5056066d13f4453a21186d02f6

SHA1
8a358bb6d421df4c5ec298f669e278310bc82fd9

SHA256
61a34d6a5074bfd4cdf067b1f5ac532c3de0dfa785c05979b035f9ebd03be5f3

SHA512
88880171002b0a5e1ffaf04d3bf4d13382f569f935f1e301b1b648f272418059606d9fc1fdb0922e1524d3230940e052e91cb78dbc0921f5e9b2ce45ec8e6971

Download Submit
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
25.2MB

MD5
fc40bf3e99d5470f110952652fdbe589

SHA1
838b3ded4b3e6c6af870e15373bdf942fb78b2db

SHA256
47c8403282956cedc6d2b74c1f9e30f29f61fa587653f7796037ba74c1272273

SHA512
a808d0b11bab6abd6c9b293199bcebfdd8f824af346acd0b11574bb013070e9e8610cb83be24ce6115395cf0926e524df165709fe4cf2c688ba06d13214f21df

Download Submit
\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\R2RINNO.dll

Filesize
4KB

MD5
5df8ada84a16f5dfc24096ef90a5ce3a

SHA1
5e7e9c68119c3a0a1afc92c60674bc8714492823

SHA256
48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b

SHA512
661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

Download Submit
\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/1588-56-0x00000000754B0000-0x000000007554D000-memory.dmp

Filesize
628KB

Download
memory/1588-63-0x00000000767A0000-0x0000000076823000-memory.dmp

Filesize
524KB

Download
memory/1588-29-0x0000000075820000-0x000000007584A000-memory.dmp

Filesize
168KB

Download
memory/1588-30-0x0000000074E70000-0x0000000074EA2000-memory.dmp

Filesize
200KB

Download
memory/1588-31-0x0000000074AE0000-0x0000000074BD5000-memory.dmp

Filesize
980KB

Download
memory/1588-32-0x0000000077480000-0x000000007761D000-memory.dmp

Filesize
1.6MB

Download
memory/1588-34-0x00000000764C0000-0x000000007654F000-memory.dmp

Filesize
572KB

Download
memory/1588-35-0x0000000076360000-0x00000000764BC000-memory.dmp

Filesize
1.4MB

Download
memory/1588-36-0x0000000076220000-0x00000000762C0000-memory.dmp

Filesize
640KB

Download
memory/1588-33-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/1588-37-0x00000000750C0000-0x00000000750C9000-memory.dmp

Filesize
36KB

Download
memory/1588-38-0x00000000751D0000-0x000000007536E000-memory.dmp

Filesize
1.6MB

Download
memory/1588-39-0x0000000075DD0000-0x0000000075E27000-memory.dmp

Filesize
348KB

Download
memory/1588-40-0x0000000076830000-0x000000007747A000-memory.dmp

Filesize
12.3MB

Download
memory/1588-41-0x0000000075700000-0x000000007577B000-memory.dmp

Filesize
492KB

Download
memory/1588-44-0x00000000767A0000-0x0000000076823000-memory.dmp

Filesize
524KB

Download
memory/1588-45-0x0000000074F20000-0x0000000074F58000-memory.dmp

Filesize
224KB

Download
memory/1588-46-0x0000000074F00000-0x0000000074F17000-memory.dmp

Filesize
92KB

Download
memory/1588-47-0x0000000074CF0000-0x0000000074E0F000-memory.dmp

Filesize
1.1MB

Download
memory/1588-48-0x0000000074E70000-0x0000000074EA2000-memory.dmp

Filesize
200KB

Download
memory/1588-49-0x0000000074BE0000-0x0000000074C19000-memory.dmp

Filesize
228KB

Download
memory/1588-50-0x0000000074AE0000-0x0000000074BD5000-memory.dmp

Filesize
980KB

Download
memory/1588-51-0x0000000077480000-0x000000007761D000-memory.dmp

Filesize
1.6MB

Download
memory/1588-52-0x0000000074A70000-0x0000000074AA6000-memory.dmp

Filesize
216KB

Download
memory/1588-54-0x00000000764C0000-0x000000007654F000-memory.dmp

Filesize
572KB

Download
memory/1588-55-0x0000000076220000-0x00000000762C0000-memory.dmp

Filesize
640KB

Download
memory/1588-27-0x0000000074CF0000-0x0000000074E0F000-memory.dmp

Filesize
1.1MB

Download
memory/1588-53-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/1588-57-0x00000000750A0000-0x00000000750B2000-memory.dmp

Filesize
72KB

Download
memory/1588-58-0x00000000751D0000-0x000000007536E000-memory.dmp

Filesize
1.6MB

Download
memory/1588-60-0x0000000075700000-0x000000007577B000-memory.dmp

Filesize
492KB

Download
memory/1588-62-0x0000000075130000-0x0000000075143000-memory.dmp

Filesize
76KB

Download
memory/1588-59-0x0000000075DD0000-0x0000000075E27000-memory.dmp

Filesize
348KB

Download
memory/1588-28-0x0000000074C60000-0x0000000074CEC000-memory.dmp

Filesize
560KB

Download
memory/1588-65-0x0000000074E70000-0x0000000074EA2000-memory.dmp

Filesize
200KB

Download
memory/1588-66-0x0000000074BE0000-0x0000000074C19000-memory.dmp

Filesize
228KB

Download
memory/1588-64-0x0000000074C60000-0x0000000074CEC000-memory.dmp

Filesize
560KB

Download
memory/1588-67-0x0000000074AE0000-0x0000000074BD5000-memory.dmp

Filesize
980KB

Download
memory/1588-68-0x0000000077480000-0x000000007761D000-memory.dmp

Filesize
1.6MB

Download
memory/1588-69-0x0000000076060000-0x0000000076087000-memory.dmp

Filesize
156KB

Download
memory/1588-70-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/1588-71-0x0000000076220000-0x00000000762C0000-memory.dmp

Filesize
640KB

Download
memory/1588-73-0x00000000750A0000-0x00000000750B2000-memory.dmp

Filesize
72KB

Download
memory/1588-74-0x00000000751D0000-0x000000007536E000-memory.dmp

Filesize
1.6MB

Download
memory/1588-75-0x0000000075DD0000-0x0000000075E27000-memory.dmp

Filesize
348KB

Download
memory/1588-78-0x0000000074C60000-0x0000000074CEC000-memory.dmp

Filesize
560KB

Download
memory/1588-77-0x00000000767A0000-0x0000000076823000-memory.dmp

Filesize
524KB

Download
memory/1588-72-0x00000000750C0000-0x00000000750C9000-memory.dmp

Filesize
36KB

Download
memory/1588-79-0x0000000074E70000-0x0000000074EA2000-memory.dmp

Filesize
200KB

Download
memory/1588-80-0x0000000074BE0000-0x0000000074C19000-memory.dmp

Filesize
228KB

Download
memory/1588-81-0x0000000074AE0000-0x0000000074BD5000-memory.dmp

Filesize
980KB

Download
memory/1588-83-0x0000000074A70000-0x0000000074AA6000-memory.dmp

Filesize
216KB

Download
memory/1588-82-0x0000000077480000-0x000000007761D000-memory.dmp

Filesize
1.6MB

Download
memory/1588-84-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/1588-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1588-16-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/1588-280-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1588-26-0x0000000074F20000-0x0000000074F58000-memory.dmp

Filesize
224KB

Download
memory/1588-25-0x0000000076830000-0x000000007747A000-memory.dmp

Filesize
12.3MB

Download
memory/1588-24-0x0000000075DD0000-0x0000000075E27000-memory.dmp

Filesize
348KB

Download
memory/1588-23-0x00000000754B0000-0x000000007554D000-memory.dmp

Filesize
628KB

Download
memory/1588-22-0x0000000076220000-0x00000000762C0000-memory.dmp

Filesize
640KB

Download
memory/1588-21-0x0000000076360000-0x00000000764BC000-memory.dmp

Filesize
1.4MB

Download
memory/1588-20-0x00000000764C0000-0x000000007654F000-memory.dmp

Filesize
572KB

Download
memory/1776-279-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1776-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download