dc7de9526b50b299217087a4bf2a40bb529005a4d441743f6fa9c7b9fce0bf77 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Antares Au...CE.exe

windows7-x64

8

Antares Au...CE.exe

windows10-2004-x64

8

Sharing

General

Target

Antares Auto-Tune Pro X v10.3.1 CE.exe
Size

85.9MB
Sample

240405-c5y81aag66
MD5

bc098726a5e3276880e0f32d2e6cfda1
SHA1

7e12e8091bfdc3a5a917725016bcb5eba401e36a
SHA256

dc7de9526b50b299217087a4bf2a40bb529005a4d441743f6fa9c7b9fce0bf77
SHA512

b9bb06f4250e2deb3978e6b069640cc1e0348fd68972d8da51a85eec4d05a7f972808bb4f0d55f8057c90cec8cd2636556fe6f20af85e83d6c4148af691a033a
SSDEEP

1572864:BxhAXXk7jJMEb5/oolzSylAPSkavpme7ILvWeqfBQC:Brl7tMEhBhlETaobgBQC

Score

8^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Antares Auto-Tune Pro X v10.3.1 CE.exe

Resource

win7-20240221-en

discovery evasion

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Antares Auto-Tune Pro X v10.3.1 CE.exe

Resource

win10v2004-20240226-en

discovery evasion persistence

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  Antares Auto-Tune Pro X v10.3.1 CE.exe
- Size
  
  85.9MB
- MD5
  
  bc098726a5e3276880e0f32d2e6cfda1
- SHA1
  
  7e12e8091bfdc3a5a917725016bcb5eba401e36a
- SHA256
  
  dc7de9526b50b299217087a4bf2a40bb529005a4d441743f6fa9c7b9fce0bf77
- SHA512
  
  b9bb06f4250e2deb3978e6b069640cc1e0348fd68972d8da51a85eec4d05a7f972808bb4f0d55f8057c90cec8cd2636556fe6f20af85e83d6c4148af691a033a
- SSDEEP
  
  1572864:BxhAXXk7jJMEb5/oolzSylAPSkavpme7ILvWeqfBQC:Brl7tMEhBhlETaobgBQC
Score

8^/10

discovery evasion persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy