e9ba725c4e84213a9379abf1685c9a4581b83b78a245b71d5dfbd064f6878933

Analysis

max time kernel
159s
max time network
321s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FL Studio v21.2.3 [4004].exe
Size

1021.3MB
MD5

e175044a06322fcce7529df21a178d1b
SHA1

680aeb47b8f1dc749c6371a009d1d8f5035fcdec
SHA256

e9ba725c4e84213a9379abf1685c9a4581b83b78a245b71d5dfbd064f6878933
SHA512

ad90e9355923c68819d5a999f1a36c052d917b1cfec4712d9b0ae28aebbb8a7d096fdb0b4bd7f713240b1841a535a38ab80c9e37e67e3a30aadb8738c0015a04
SSDEEP

25165824:y2gWnKmCZREvIDFQp3851ixBeCX/jwp/6XC+:kWnUZtpQqfHmrwp/kN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

flstudio_win64_21.2.3.4004.exe

pid process

548 flstudio_win64_21.2.3.4004.exe

pid	process
548	flstudio_win64_21.2.3.4004.exe

Loads dropped DLL 15 IoCs

Processes:

FL Studio v21.2.3 [4004].exeflstudio_win64_21.2.3.4004.exe

pid	process
2604	FL Studio v21.2.3 [4004].exe
2604	FL Studio v21.2.3 [4004].exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe
548	flstudio_win64_21.2.3.4004.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

FL Studio v21.2.3 [4004].exe

description	pid	process	target process
PID 2604 wrote to memory of 548	2604	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe
PID 2604 wrote to memory of 548	2604	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe
PID 2604 wrote to memory of 548	2604	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe
PID 2604 wrote to memory of 548	2604	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe

C:\Users\Admin\AppData\Local\Temp\FL Studio v21.2.3 [4004].exe
"C:\Users\Admin\AppData\Local\Temp\FL Studio v21.2.3 [4004].exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\nsf7956.tmp\flstudio_win64_21.2.3.4004.exe
  C:\Users\Admin\AppData\Local\Temp\nsf7956.tmp\flstudio_win64_21.2.3.4004.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsf7956.tmp\flstudio_win64_21.2.3.4004.exe

Filesize
312.6MB

MD5
8ba1cbdc20bc440cab819b38f1d8598e

SHA1
bf19f9a9eb03c6b12fc64f69b5c6536eef6cf355

SHA256
38c568a09996bdf736e79520623ee2bce76b1f0081e43914908b84966f9aba6c

SHA512
012246d5c1165f2335e114b947d2b6581d8f3c90c34af54ed11446f66de7785ca2a26521a47654e75f013ffb65735f0e92a8fc23178d77df19b67326179f4bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7956.tmp\flstudio_win64_21.2.3.4004.exe

Filesize
781.7MB

MD5
eb832d3b82adbc831bfef8dd7f9bbe92

SHA1
2c693fc5e6771a03d852d3bdf044144c3acebed6

SHA256
9b632f6451a3a79e9e14e5c7b049348af2705d2e454ec93a17dc33dc67eca1b8

SHA512
336a390b8607d582478115ac2c14cc3a550313242b7b87ee4c6faf79f9c02a21b5fff6fc14bd36e90e6c35df633bb76fdc786e0ad321e757cdaf8666b81adc85

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqF671.tmp\ioSpecial.ini

Filesize
1KB

MD5
df71c8a60d9b3bb88dd0b7ad38383bf7

SHA1
98128c97bec9fd949d3a8ddbc395ca46f2e25b81

SHA256
9b91ee85f8d7c7bf3c3d23bd8241f1719d2895d54f06f921f5ba1369f96e7d6e

SHA512
2bc7f8b364ea8267c828b537b51b91c8bf59771adede0bead5865846e5fcf6c8d3a53f00be01123b990e6409521cfb444c9014b2acdbdb9f33f5e2ae7d237f55

Download Submit
\Users\Admin\AppData\Local\Temp\nsf7956.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\nsf7956.tmp\flstudio_win64_21.2.3.4004.exe

Filesize
691.5MB

MD5
14ec0b45ef1069a51d9e4644c496fa77

SHA1
b1a30e837d5f6c900f84a3badc54048af5e9986f

SHA256
bdf546e9a993f2e2e1b37904e73c5cb079660641d4c5690b33086a9205962135

SHA512
a0b712b5605a5c681eb83522efbff46217da22a8e7462a95c8248eefa7145168f56dcfb55ac9a7ab4306aaaf3a10a2b837d11455ed6bcf481e5932f840755a08

Download Submit
\Users\Admin\AppData\Local\Temp\nsqF671.tmp\ILSetup.dll

Filesize
1.0MB

MD5
cd50c47c010aa1e6abd8bd8ce98fb8c5

SHA1
547e445c42b39041204c012f95e146ba7bb3442b

SHA256
1ea1404b5e14ee8572575d941ef27437a534b46aa1d23e112cf40f4144cbb7ca

SHA512
f4c54f3403633167572e36867a0e99164de2cafe873505922b055b65b63809729a89ab3df092a634d18fe2fb8d3d1060a908349ef61b88ff0750815347a4fa53

Download Submit
\Users\Admin\AppData\Local\Temp\nsqF671.tmp\InstallOptions.dll

Filesize
15KB

MD5
998189882c9f1be220c9faf0fd2bde15

SHA1
787d50c46c9a2a48565f684fabc7503aca8b0493

SHA256
f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990

SHA512
e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6

Download Submit
\Users\Admin\AppData\Local\Temp\nsqF671.tmp\System.dll

Filesize
11KB

MD5
24523fe14bb9ba400a3950016b187915

SHA1
6ec152b4e4ac04038d4608a8a206070185116036

SHA256
c4aaf80e3990185eeb5ea56bf841dbf5f3d02269d715f3bfdfe8b54aa797a7b9

SHA512
ae73351d27109187f7c4e312bc30a165202f29d74c65dd0feaee75dab72b97d27c6482b1e95771063afec7e9f2ca03a27a11cd25e39228072b69c33fffef7257

Download Submit
\Users\Admin\AppData\Local\Temp\nsqF671.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsqF671.tmp\UserMgr.dll

Filesize
23KB

MD5
9210597fba3dfab3c69b1eb490205419

SHA1
6e3ca39043756ed1cceaf2d4853e7cb6be1c64cb

SHA256
7696c255014a543f720e189ab3fe48f62fcf43435465062649c96138eedb222f

SHA512
4877daefdd34725791fba7c8cc2d85c4e91080ca7787a71ee9ffde71704ac40799b891f03d1f1805a31af6ddc35e335f74c9d620e87d517670a378c001cffb06

Download Submit
memory/548-25-0x0000000003A60000-0x0000000003B6B000-memory.dmp

Filesize
1.0MB

Download
memory/548-77-0x0000000003AF0000-0x0000000003BFB000-memory.dmp

Filesize
1.0MB

Download