Overview

overview

8

Static

static

3

Antares Au...CE.exe

windows7-x64

8

Antares Au...CE.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    63s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-04-2024 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Antares Auto-Tune Pro X v10.3.1 CE.exe

  • Size

    85.9MB

  • MD5

    bc098726a5e3276880e0f32d2e6cfda1

  • SHA1

    7e12e8091bfdc3a5a917725016bcb5eba401e36a

  • SHA256

    dc7de9526b50b299217087a4bf2a40bb529005a4d441743f6fa9c7b9fce0bf77

  • SHA512

    b9bb06f4250e2deb3978e6b069640cc1e0348fd68972d8da51a85eec4d05a7f972808bb4f0d55f8057c90cec8cd2636556fe6f20af85e83d6c4148af691a033a

  • SSDEEP

    1572864:BxhAXXk7jJMEb5/oolzSylAPSkavpme7ILvWeqfBQC:Brl7tMEhBhlETaobgBQC

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 7 IoCs
  • Drops file in Program Files directory 45 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune Pro X v10.3.1 CE.exe
    "C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune Pro X v10.3.1 CE.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\is-TIMI6.tmp\Antares Auto-Tune Pro X v10.3.1 CE.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TIMI6.tmp\Antares Auto-Tune Pro X v10.3.1 CE.tmp" /SL5="$90120,89194940,864768,C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune Pro X v10.3.1 CE.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Windows\system32\net.exe
        "C:\Windows\system32\net.exe" stop "Antares Central Services"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1684
        • C:\Windows\system32\net1.exe
          C:\Windows\system32\net1 stop "Antares Central Services"
          4⤵
            PID:1508
        • C:\Windows\system32\net.exe
          "C:\Windows\system32\net.exe" stop CmWebAdmin.exe
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1884
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop CmWebAdmin.exe
            4⤵
              PID:1880
          • C:\Windows\system32\net.exe
            "C:\Windows\system32\net.exe" stop CodeMeter.exe
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1640
            • C:\Windows\system32\net1.exe
              C:\Windows\system32\net1 stop CodeMeter.exe
              4⤵
                PID:1084
            • C:\Windows\system32\attrib.exe
              "C:\Windows\system32\attrib.exe" +r /s /d "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\*"
              3⤵
              • Drops desktop.ini file(s)
              • Drops file in Program Files directory
              • Views/modifies file attributes
              PID:2044
            • C:\Windows\system32\attrib.exe
              "C:\Windows\system32\attrib.exe" +s +h /s /d "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\*.ini"
              3⤵
              • Sets file to hidden
              • Drops desktop.ini file(s)
              • Drops file in Program Files directory
              • Views/modifies file attributes
              PID:2072
            • C:\Windows\system32\attrib.exe
              "C:\Windows\system32\attrib.exe" +s +h /s /d "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\*.ico"
              3⤵
              • Sets file to hidden
              • Drops file in Program Files directory
              • Views/modifies file attributes
              PID:2308
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          1⤵
            PID:1424
          • C:\Program Files\Antares Audio Technologies\Antares Central.exe
            "C:\Program Files\Antares Audio Technologies\Antares Central.exe"
            1⤵
            • Executes dropped EXE
            PID:1216
          • C:\Program Files\Antares Audio Technologies\Antares Central.exe
            "C:\Program Files\Antares Audio Technologies\Antares Central.exe"
            1⤵
            • Executes dropped EXE
            PID:2928
          • C:\Program Files\Antares Audio Technologies\Antares Central.exe
            "C:\Program Files\Antares Audio Technologies\Antares Central.exe"
            1⤵
            • Executes dropped EXE
            PID:1936

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\Antares Audio Technologies\Antares Central.exe
            Filesize

            72KB

            MD5

            a7ca0d123c7252899d4a6372ec198e3e

            SHA1

            15f645713de2ec4adc24c6965ff972a455a17347

            SHA256

            22474c4ea7c88736a4a400175a266ce176a899571f14db9497b9895b81b7568d

            SHA512

            371508340775ed1b530cba573ffaae2aeea92d82e8f7bd761cd8747a549eb169c5952cbd0c6a1a23d5340bfd365459046134679c76bae0a751d184837ed47f80

            Download Submit

          • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\Resources\Auto-Key.xml
            Filesize

            9KB

            MD5

            44554c48016e097a80f592dc7656e292

            SHA1

            5bd0c43722cf276e9c51d8b372bda33297ca6bbe

            SHA256

            62a96686da67da29fd6d54f65f44806c6f88185a45bbbe342cc385d90e00fdb9

            SHA512

            ffaf43c826170f5bc8e246a6a039738553ebd8a90ab8b6885729ea297189fdcde6c4e52a5a1d134f3306c052fdd0b567ca7c59267b3e812a213ed70def234c0b

            Download Submit

          • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\x64\Auto-Key.aaxplugin
            Filesize

            13.8MB

            MD5

            e84c950b03d5c72e3fe198d789854701

            SHA1

            7cc2d95a593c2c4be22c2ccef8d361d72576aa78

            SHA256

            0f09bb391e3038f59f76a9c8927335182690aff373594578db0b455911a36314

            SHA512

            ea5c097abb159724c8d66f7b1e066a444ba57cbce9e433a9e28347c7081786bcb3165401069ea3aabbfc3b51e2cf30c90ee12f64fa01c939cd63453b2c4e3974

            Download Submit

          • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Pro.aaxplugin\Contents\Resources\AutoTunePro.xml
            Filesize

            32KB

            MD5

            f6d7e92c546f969afbe4158ce2feb785

            SHA1

            277cf1d0f1f0bf9a4549f766b502369955ca5aec

            SHA256

            60f1b3dbcae91d77d52bf3cec20add1a76d80151558e21a94a3bc4c9fd9a696c

            SHA512

            f887feb06dbeafabbe1faf65e627b9315070e74f0b815386ff8b5c0627c50750bc35fa3b4084fb1fb6b8a65f5b9aa45aa641984002a8a5a3f6e3b572aa15b3a6

            Download Submit

          • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Pro.aaxplugin\Contents\x64\Auto-Tune Pro.aaxplugin
            Filesize

            42.7MB

            MD5

            00f1e4a9fcd5e1574da621dde42336e9

            SHA1

            bc881b4183e418191e8e42f0e55c6bd1de274c61

            SHA256

            4a23755ae9b36c7642a68a31f8507f33eb1d7975669bc74f97070c115cb8ef14

            SHA512

            5cff154cc098606fb934cca2aa164f42fb4c5180086573176b94fcb6216bb31311c607e8a300d681cba5cf9d1c895d900913e372184f13e7e8a45494e26c22a6

            Download Submit

          • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Pro.aaxplugin\desktop.ini
            Filesize

            126B

            MD5

            798095cd31340606c8e81d0a5107d57e

            SHA1

            39d058c4d45ef84b188f7ece620106124eb3d74e

            SHA256

            5526ef6345adee7c693e58354dd72b095df152be62ff7298b4c6f6d0f91e2f83

            SHA512

            9ca995c89d3f23cd2a977fb2826da1f75dc4caa4fe965f9aac3a6d486f6558429a44eaeea35217f85d94ba6d7c2c54ab520c9a1786133b2edd103e36159e53a1

            Download Submit

          • C:\Program Files\Common Files\VST3\Antares\is-7VVEC.tmp
            Filesize

            45KB

            MD5

            6e03b680fbee54e69e52a15245989862

            SHA1

            0136100d693fa2cf4eba38ac0314951b7be22c9b

            SHA256

            00999004190475604537034d99d9a2cc84355579e4b199045dc6c8c3479e3600

            SHA512

            1a2e8770e676bfe9c84f81185584fdf347271897637f18ccbcb1f1dfb7f4afac4cf65ab0d19d7f34044b5f5b304d7b54c9c85c8049fee0a4a3e4cabe3ae7c578

            Download Submit

          • C:\Program Files\Common Files\VST3\Antares\is-JMPF6.tmp
            Filesize

            46B

            MD5

            92872f8ac2aed2db0b07e0bd2a2cc207

            SHA1

            6f7560add23274d6e0482754c186b59518269112

            SHA256

            524c4940611c5338397e0bbdd9f23c030da1e5387f772a38b1599b467be78732

            SHA512

            17b4a82fe65178e7701c61239d951155929a1b950c1ad35cd214286fa05032b10f1300bb01ef25910d4685e67dcd511da5f13de531e2210fc413ad77528969df

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-IPL9H.tmp\_isetup\_iscrypt.dll
            Filesize

            2KB

            MD5

            a69559718ab506675e907fe49deb71e9

            SHA1

            bc8f404ffdb1960b50c12ff9413c893b56f2e36f

            SHA256

            2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

            SHA512

            e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-TIMI6.tmp\Antares Auto-Tune Pro X v10.3.1 CE.tmp
            Filesize

            3.1MB

            MD5

            31cd6eb9935a435a0e2810ccc5892767

            SHA1

            8081b5b305cce54ee398bb2201d16e0ba7a153c4

            SHA256

            9ce72a80569d00b753bc86f066d0448428d5f9be11b9aa8355d652127f212749

            SHA512

            bdac5c47cd1e6b96348f9b08a978b6ba5965db9f8a45f321cef0c06909d54a663212e415cb2ed464355694c613cda4a81192dd6c542723996cb8f91c26813ae7

            Download Submit

          • memory/2112-160-0x0000000000400000-0x00000000004E4000-memory.dmp

            Filesize

            912KB

            Download

          • memory/2112-0-0x0000000000400000-0x00000000004E4000-memory.dmp

            Filesize

            912KB

            Download

          • memory/2112-175-0x0000000000400000-0x00000000004E4000-memory.dmp

            Filesize

            912KB

            Download

          • memory/2872-161-0x0000000000400000-0x000000000072C000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/2872-7-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2872-174-0x0000000000400000-0x000000000072C000-memory.dmp

            Filesize

            3.2MB

            Download