e9ba725c4e84213a9379abf1685c9a4581b83b78a245b71d5dfbd064f6878933

Analysis

max time kernel
159s
max time network
244s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FL Studio v21.2.3 [4004].exe
Size

1021.3MB
MD5

e175044a06322fcce7529df21a178d1b
SHA1

680aeb47b8f1dc749c6371a009d1d8f5035fcdec
SHA256

e9ba725c4e84213a9379abf1685c9a4581b83b78a245b71d5dfbd064f6878933
SHA512

ad90e9355923c68819d5a999f1a36c052d917b1cfec4712d9b0ae28aebbb8a7d096fdb0b4bd7f713240b1841a535a38ab80c9e37e67e3a30aadb8738c0015a04
SSDEEP

25165824:y2gWnKmCZREvIDFQp3851ixBeCX/jwp/6XC+:kWnUZtpQqfHmrwp/kN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

flstudio_win64_21.2.3.4004.exe

pid process

2252 flstudio_win64_21.2.3.4004.exe

pid	process
2252	flstudio_win64_21.2.3.4004.exe

Loads dropped DLL 17 IoCs

Processes:

FL Studio v21.2.3 [4004].exeflstudio_win64_21.2.3.4004.exe

pid	process
1324	FL Studio v21.2.3 [4004].exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe
2252	flstudio_win64_21.2.3.4004.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

FL Studio v21.2.3 [4004].exe

description	pid	process	target process
PID 1324 wrote to memory of 2252	1324	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe
PID 1324 wrote to memory of 2252	1324	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe
PID 1324 wrote to memory of 2252	1324	FL Studio v21.2.3 [4004].exe	flstudio_win64_21.2.3.4004.exe

C:\Users\Admin\AppData\Local\Temp\FL Studio v21.2.3 [4004].exe
"C:\Users\Admin\AppData\Local\Temp\FL Studio v21.2.3 [4004].exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\nsc620D.tmp\flstudio_win64_21.2.3.4004.exe
  C:\Users\Admin\AppData\Local\Temp\nsc620D.tmp\flstudio_win64_21.2.3.4004.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc620D.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc620D.tmp\flstudio_win64_21.2.3.4004.exe

Filesize
787.7MB

MD5
9b8312c4aaee1e3d914f120724b5854a

SHA1
20e83d40cca8ed377e812931e1c2cad997316c51

SHA256
b03cf252528decf4c03e3d13e124104bd1207d520641fb0cdacb8d84270fbb47

SHA512
25986ba96ebb5514fe52bdb9f72ab07a66892d371509892b217bd6af7e75bdbaba1ef94cb91a625d47c2a0f34e8a24f27c2aac7c379c8da204741e1abbef79ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc620D.tmp\flstudio_win64_21.2.3.4004.exe

Filesize
782.8MB

MD5
0189ffbffe0be708c27c48d083aab2a4

SHA1
2e402dc0a850e64fdf0ad33df70f2e29c6bb1a7d

SHA256
345066e3e2dee2167b1bca6175235b604ea5cee07199b6ed9796e606b24ef889

SHA512
410045714ec85c3e78238b8ab50d08a506d412422e609323b139f56f499a08a94573066cc35f7419f3a8c0471c6376cb9d6f85e1015cdb718fa690bbcf36940a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssFB9D.tmp\ILSetup.dll

Filesize
1.0MB

MD5
cd50c47c010aa1e6abd8bd8ce98fb8c5

SHA1
547e445c42b39041204c012f95e146ba7bb3442b

SHA256
1ea1404b5e14ee8572575d941ef27437a534b46aa1d23e112cf40f4144cbb7ca

SHA512
f4c54f3403633167572e36867a0e99164de2cafe873505922b055b65b63809729a89ab3df092a634d18fe2fb8d3d1060a908349ef61b88ff0750815347a4fa53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssFB9D.tmp\InstallOptions.dll

Filesize
15KB

MD5
998189882c9f1be220c9faf0fd2bde15

SHA1
787d50c46c9a2a48565f684fabc7503aca8b0493

SHA256
f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990

SHA512
e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssFB9D.tmp\System.dll

Filesize
11KB

MD5
24523fe14bb9ba400a3950016b187915

SHA1
6ec152b4e4ac04038d4608a8a206070185116036

SHA256
c4aaf80e3990185eeb5ea56bf841dbf5f3d02269d715f3bfdfe8b54aa797a7b9

SHA512
ae73351d27109187f7c4e312bc30a165202f29d74c65dd0feaee75dab72b97d27c6482b1e95771063afec7e9f2ca03a27a11cd25e39228072b69c33fffef7257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssFB9D.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssFB9D.tmp\UserMgr.dll

Filesize
23KB

MD5
9210597fba3dfab3c69b1eb490205419

SHA1
6e3ca39043756ed1cceaf2d4853e7cb6be1c64cb

SHA256
7696c255014a543f720e189ab3fe48f62fcf43435465062649c96138eedb222f

SHA512
4877daefdd34725791fba7c8cc2d85c4e91080ca7787a71ee9ffde71704ac40799b891f03d1f1805a31af6ddc35e335f74c9d620e87d517670a378c001cffb06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssFB9D.tmp\ioSpecial.ini

Filesize
1KB

MD5
d84cafa24c018fd8ca7b43c98e6108d1

SHA1
74a7526b3e062f65d183006f5df3fda39dc235ca

SHA256
73935d8a3dba5c3737d47469c5cbb36cf7a12bfa0ac4fb290775ca1b37390d82

SHA512
497963fe9b14ab17d2ae7314aca49135f38c79929ddc9db4832f583143b74a1778edfdd274253ff9682fbd29390232a21aafcacd72fd8eaa7013840b38b3b717

Download Submit
memory/2252-21-0x0000000004AB0000-0x0000000004BBB000-memory.dmp

Filesize
1.0MB

Download
memory/2252-69-0x0000000004BF0000-0x0000000004CFB000-memory.dmp

Filesize
1.0MB

Download