3c04fbb7b3578f13a908a22bbfa105f54c17759d28fa8d036efec1fa6b7ed9f6

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fl_patch_installer_20_7_1.exe
Size

83.8MB
MD5

f95e0b452331ebd0763ffb880f1814c9
SHA1

0c223c4d3a81f76019ed188480050c45144a54f6
SHA256

3c04fbb7b3578f13a908a22bbfa105f54c17759d28fa8d036efec1fa6b7ed9f6
SHA512

28ca4fec72d9d51194863d8a37327e7c824a8fb4eaaf34efa02269d585e34a7335e1f6ebd5dfa7f154f9d9f4724324a016ce64fa7be5451f50094527cd3dca92
SSDEEP

1572864:oCI1wqyIPz6fTB42pMhkiEfXwH4iZYPwOJtEcXtsmZj7vYXnxdO3nufvWaUHOCmr:oCI1wOP2NbpM6iaXwH9YoOJtzsijunye

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2816	fl_patch_installer_20_7_1.tmp

Loads dropped DLL 1 IoCs

pid	Process
1864	fl_patch_installer_20_7_1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity DrumSynth Live\Fruity DrumSynth Live_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Transistor Bass\Transistor Bass_x64.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\is-NN933.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Harmless\is-EQ704.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Slicex\is-015LD.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp\Wasp.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtime\Newtime_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Edison\Edison.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\Synthesizer\is-RBTL8.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\SimSynth\is-07NNP.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Transistor Bass\is-CUI28.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\Vocodex_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity DX10\Fruity DX10_x64.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtone\is-Q4CH7.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp\Wasp_x64.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtime\is-JQFQB.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp XT\Wasp XT.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Maximus\Maximus_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\_FLEngine.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\is-KUPGV.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Gross Beat\is-J69LB.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Maximus\is-26HOO.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\FLEngine.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtime\Newtime.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\SimSynth\is-O8GOA.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp XT\is-CGJRJ.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\Synthesizer\is-TE1Q7.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Harmless\is-HQA09.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Harmor\Harmor_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\SimSynth\SimSynth_x64.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Edison\is-0LDSA.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity Video Player\is-HQ4FO.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Ogun\is-HAMI2.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp\is-A0SRC.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\Vocodex.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity DX10\Fruity DX10.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity Soundfont Player\is-RKCI8.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\SimSynth\SimSynth.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Sytrus\Sytrus_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtone\Newtone_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Transient Processor\Transient Processor.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Edison\is-9C0R9.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity DX10\is-QTCL6.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Harmor\Harmor.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\Synthesizer\Sytrus.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Harmless\Harmless.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\_FLEngine_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Slicex\Slicex_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Edison\Edison_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Transient Processor\Transient Processor_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity Video Player\Fruity Video Player.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\is-BSLLB.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtime\is-H2JVK.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity Video Player\is-CF5R4.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Harmor\is-SGMKM.tmp	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Ogun\is-6LV7S.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Slicex\Slicex.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\Synthesizer\Sytrus_x64.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Ogun\Ogun_x64.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Vocodex\is-7J9UF.tmp	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtone\Newtone.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Fruity Soundfont Player\Fruity Soundfont Player.dll	fl_patch_installer_20_7_1.tmp
File opened for modification	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp XT\Wasp XT_x64.dll	fl_patch_installer_20_7_1.tmp
File created	C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Effects\Newtone\is-8BMP3.tmp	fl_patch_installer_20_7_1.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	fl_patch_installer_20_7_1.tmp
2816	fl_patch_installer_20_7_1.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2816	fl_patch_installer_20_7_1.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28
PID 1864 wrote to memory of 2816	1864	fl_patch_installer_20_7_1.exe	28

C:\Users\Admin\AppData\Local\Temp\fl_patch_installer_20_7_1.exe
"C:\Users\Admin\AppData\Local\Temp\fl_patch_installer_20_7_1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Users\Admin\AppData\Local\Temp\is-9QIH1.tmp\fl_patch_installer_20_7_1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9QIH1.tmp\fl_patch_installer_20_7_1.tmp" /SL5="$150152,87449283,125440,C:\Users\Admin\AppData\Local\Temp\fl_patch_installer_20_7_1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2816

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Image-Line\FL Studio 20\Plugins\Fruity\Generators\Wasp XT\is-CGJRJ.tmp

Filesize
2.9MB

MD5
864fda8e7a0b2c9aeb663864266e5ecb

SHA1
87ddbc16946d925bf337eef89f2759ece653bc49

SHA256
e6649541f250ad1dde971c555d39d7b0ea2a2813dd70f8ea3b74848fdc14f1f7

SHA512
93819852286e9f881ba1a87bfe0c7d56e236d224adb9bf3b323f5586da678237ad30b6c98357ce0e6d357f3087df7aac60bae6a5649e98171ad03ad72cd50ceb

Download Submit
\Users\Admin\AppData\Local\Temp\is-9QIH1.tmp\fl_patch_installer_20_7_1.tmp

Filesize
1.1MB

MD5
006c402fd22016b5a5a1c2180ca5ccc9

SHA1
dc8dae24ef11181d145c8d9f6f245f3b67a3e1d0

SHA256
5b246db2dfc1a5d000b0662e2a58e1cb9f89fdc87945597ec1e1f2f245fd7898

SHA512
caea20f48421f7918c9ead0316decba60460c74ff878666e0a48ae1e5b2eb41a37b03c1a59bc3aa416990e49cae155e19894461c28c225f4f9b42e184db289b1

Download Submit
memory/1864-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1864-9-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1864-111-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2816-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2816-10-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2816-12-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2816-13-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2816-59-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2816-109-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download