f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9

Resubmissions

28-11-2023 22:01

231128-1xdt4ach93 10

28-11-2023 21:22

231128-z763yscg9v 10

Analysis

max time kernel
121s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2023 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup Audiolens v1.2.0.exe
Size

393.0MB
MD5

352aab786d3b494caab56cccef691058
SHA1

f091676fb82583eb779f9c9d11d3ab97aa64b509
SHA256

f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
SHA512

55ac7b48dee59fb6d7b91060f7eee72bef3a5d246297fe04b172aa49dcefd0a7b18ede77361bbcc8899428b796cd87577f611517becc99bcdab72a1f5dc7ebc8
SSDEEP

12582912:5k0n3GZbJ9CkdaR/+znK/g8EVk6qSHMHvvw1zRcKMeeHkVshmWubL:KuYbJ97aMTK/gNVTqCMnyuP7HkV3tL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4984	Setup Audiolens v1.2.0.tmp

Loads dropped DLL 4 IoCs

pid	Process
4984	Setup Audiolens v1.2.0.tmp
4984	Setup Audiolens v1.2.0.tmp
4984	Setup Audiolens v1.2.0.tmp
4984	Setup Audiolens v1.2.0.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\iZotope\Audiolens\is-FPMCE.tmp	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\win64\is-IHJSK.tmp	Setup Audiolens v1.2.0.tmp
File opened for modification	C:\Program Files\iZotope\Audiolens\unins000.dat	Setup Audiolens v1.2.0.tmp
File opened for modification	C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\unins000.dat	Setup Audiolens v1.2.0.tmp
File created	C:\Program Files\iZotope\Audiolens\is-OEDOL.tmp	Setup Audiolens v1.2.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4984	Setup Audiolens v1.2.0.tmp
4984	Setup Audiolens v1.2.0.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4984	Setup Audiolens v1.2.0.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4984	Setup Audiolens v1.2.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4984	3932	Setup Audiolens v1.2.0.exe	91
PID 3932 wrote to memory of 4984	3932	Setup Audiolens v1.2.0.exe	91
PID 3932 wrote to memory of 4984	3932	Setup Audiolens v1.2.0.exe	91

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$B0204,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

Filesize
114.5MB

MD5
cf64f4aebc961afb56aa65d01efe9d54

SHA1
cc404ca892b8d3ad65f54c8714312a5a5aaeec9b

SHA256
8115e031da7200bc9f5d8f2ca1e35970d2ea67e417a04405e7ead6ca83dff168

SHA512
bd3d4c55bf7cb7cde529187a2f8ff24b3c6bf0e500b469f68fd80854058fcf72014a23db63fbf4c928f38d0954a870c4fc8fc10321e9ed6b51c58738320e0703

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\R2RINNO.dll

Filesize
4KB

MD5
5df8ada84a16f5dfc24096ef90a5ce3a

SHA1
5e7e9c68119c3a0a1afc92c60674bc8714492823

SHA256
48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b

SHA512
661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
memory/3932-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3932-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3932-339-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3932-160-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4984-47-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-53-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-24-0x0000000076AB0000-0x0000000076B2A000-memory.dmp

Filesize
488KB

Download
memory/4984-25-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-26-0x0000000076AB0000-0x0000000076B2A000-memory.dmp

Filesize
488KB

Download
memory/4984-27-0x0000000077750000-0x0000000077775000-memory.dmp

Filesize
148KB

Download
memory/4984-28-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-29-0x0000000076AB0000-0x0000000076B2A000-memory.dmp

Filesize
488KB

Download
memory/4984-30-0x0000000077750000-0x0000000077775000-memory.dmp

Filesize
148KB

Download
memory/4984-31-0x0000000074740000-0x0000000074770000-memory.dmp

Filesize
192KB

Download
memory/4984-32-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-33-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-34-0x0000000077750000-0x0000000077775000-memory.dmp

Filesize
148KB

Download
memory/4984-35-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-36-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-37-0x0000000076D00000-0x0000000076DE3000-memory.dmp

Filesize
908KB

Download
memory/4984-38-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-39-0x0000000076A00000-0x0000000076AAF000-memory.dmp

Filesize
700KB

Download
memory/4984-40-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-41-0x0000000074570000-0x0000000074692000-memory.dmp

Filesize
1.1MB

Download
memory/4984-42-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-43-0x0000000075F40000-0x000000007601C000-memory.dmp

Filesize
880KB

Download
memory/4984-44-0x0000000076D00000-0x0000000076DE3000-memory.dmp

Filesize
908KB

Download
memory/4984-45-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-46-0x0000000076A00000-0x0000000076AAF000-memory.dmp

Filesize
700KB

Download
memory/4984-22-0x0000000076AB0000-0x0000000076B2A000-memory.dmp

Filesize
488KB

Download
memory/4984-48-0x00000000753C0000-0x0000000075434000-memory.dmp

Filesize
464KB

Download
memory/4984-49-0x0000000074570000-0x0000000074692000-memory.dmp

Filesize
1.1MB

Download
memory/4984-50-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-51-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-52-0x0000000076A00000-0x0000000076AAF000-memory.dmp

Filesize
700KB

Download
memory/4984-23-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-54-0x00000000753C0000-0x0000000075434000-memory.dmp

Filesize
464KB

Download
memory/4984-56-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-55-0x0000000074570000-0x0000000074692000-memory.dmp

Filesize
1.1MB

Download
memory/4984-57-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-58-0x0000000076A00000-0x0000000076AAF000-memory.dmp

Filesize
700KB

Download
memory/4984-59-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-60-0x0000000077750000-0x0000000077775000-memory.dmp

Filesize
148KB

Download
memory/4984-61-0x00000000753C0000-0x0000000075434000-memory.dmp

Filesize
464KB

Download
memory/4984-62-0x0000000074570000-0x0000000074692000-memory.dmp

Filesize
1.1MB

Download
memory/4984-63-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-64-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-65-0x0000000076A00000-0x0000000076AAF000-memory.dmp

Filesize
700KB

Download
memory/4984-66-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-67-0x00000000753C0000-0x0000000075434000-memory.dmp

Filesize
464KB

Download
memory/4984-68-0x0000000074570000-0x0000000074692000-memory.dmp

Filesize
1.1MB

Download
memory/4984-69-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-70-0x0000000075F40000-0x000000007601C000-memory.dmp

Filesize
880KB

Download
memory/4984-71-0x0000000076D00000-0x0000000076DE3000-memory.dmp

Filesize
908KB

Download
memory/4984-72-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-73-0x0000000076A00000-0x0000000076AAF000-memory.dmp

Filesize
700KB

Download
memory/4984-74-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-75-0x00000000753C0000-0x0000000075434000-memory.dmp

Filesize
464KB

Download
memory/4984-78-0x0000000075660000-0x0000000075C13000-memory.dmp

Filesize
5.7MB

Download
memory/4984-77-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-76-0x0000000074570000-0x0000000074692000-memory.dmp

Filesize
1.1MB

Download
memory/4984-79-0x0000000075440000-0x0000000075650000-memory.dmp

Filesize
2.1MB

Download
memory/4984-80-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-21-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-162-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/4984-20-0x0000000076AB0000-0x0000000076B2A000-memory.dmp

Filesize
488KB

Download
memory/4984-14-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/4984-6-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download