Overview

overview

7

Static

static

3

Antares Au...CE.exe

windows7-x64

7

Antares Au...CE.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    68s
  • max time network
    82s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-04-2024 15:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Antares Auto-Tune bundle V9 CE.exe

  • Size

    110.0MB

  • MD5

    cda53632778d1ced63a7c0809b71cb86

  • SHA1

    f7d30963a0d45f35cc015f5c5e5ed58276b0e628

  • SHA256

    fb83741f29e99b8af74f9e182c3f1eaebeb2f401a5c6886f1c045d406e282c23

  • SHA512

    8b6cd507fc76d75aa2d96d5546ef1d12f0c25c015bd195cee914d5501ec277b41801f1adb171ba67b164a3e7e68fd3d232ea9f7903cf11443f9a83db0be18b2e

  • SSDEEP

    3145728:8aDfXHRtVR2oE76WDIJZZPlPZrbsAjHMZN1cy:86vHRtVRu7JsnN5ZfsAjsn1H

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune bundle V9 CE.exe
    "C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune bundle V9 CE.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Users\Admin\AppData\Local\Temp\is-LBF53.tmp\Antares Auto-Tune bundle V9 CE.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LBF53.tmp\Antares Auto-Tune bundle V9 CE.tmp" /SL5="$70122,114584709,763392,C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune bundle V9 CE.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:2412
  • C:\Windows\system32\mstsc.exe
    "C:\Windows\system32\mstsc.exe"
    1⤵
    • Enumerates connected drives
    PID:900
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1572

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Steinberg\VSTPlugins\Antares\is-JODQJ.tmp
      Filesize

      45KB

      MD5

      6e03b680fbee54e69e52a15245989862

      SHA1

      0136100d693fa2cf4eba38ac0314951b7be22c9b

      SHA256

      00999004190475604537034d99d9a2cc84355579e4b199045dc6c8c3479e3600

      SHA512

      1a2e8770e676bfe9c84f81185584fdf347271897637f18ccbcb1f1dfb7f4afac4cf65ab0d19d7f34044b5f5b304d7b54c9c85c8049fee0a4a3e4cabe3ae7c578

      Download Submit

    • C:\Program Files\Steinberg\VSTPlugins\Antares\is-R2SUB.tmp
      Filesize

      126B

      MD5

      798095cd31340606c8e81d0a5107d57e

      SHA1

      39d058c4d45ef84b188f7ece620106124eb3d74e

      SHA256

      5526ef6345adee7c693e58354dd72b095df152be62ff7298b4c6f6d0f91e2f83

      SHA512

      9ca995c89d3f23cd2a977fb2826da1f75dc4caa4fe965f9aac3a6d486f6558429a44eaeea35217f85d94ba6d7c2c54ab520c9a1786133b2edd103e36159e53a1

      Download Submit

    • \ProgramData\Antares\unins000.exe
      Filesize

      2.5MB

      MD5

      f9f5ebf1286b47f1a57486bea7506ede

      SHA1

      776b3b46334e0ea2db686a24524526e131f74869

      SHA256

      0ec27dff2bd94ac109857f4995e51b1ca6054debf988ae60536f950abaab2884

      SHA512

      7ca8d4d9b60f4523e4ff24eab49c4e87c9e0e3462cb822c25c473af8a83076fba95d33615546bd7d6344b873b8197bec25ddb4d273f1cda451844ab9f176bc1f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\is-LBF53.tmp\Antares Auto-Tune bundle V9 CE.tmp
      Filesize

      2.5MB

      MD5

      ebbb655a85d61e4adad34d9ade0ea184

      SHA1

      41d3a5ab6de2cd4c45bd9545906c53ba9eaf345d

      SHA256

      4cfcbcffe82bc6943890fa818ded2708f46c4f85ec368de00836ac708acdb080

      SHA512

      a84a4104356c23fa5a618368fa4ba2793435832f3eefb6b243d1513d7ac586002449f127abc6bbb3cf199a930bdd718c6d1ec273738e1d9796d423ddb312eb50

      Download Submit

    • memory/1400-10-0x0000000000400000-0x00000000004C8000-memory.dmp

      Filesize

      800KB

      Download

    • memory/1400-2-0x0000000000400000-0x00000000004C8000-memory.dmp

      Filesize

      800KB

      Download

    • memory/1400-332-0x0000000000400000-0x00000000004C8000-memory.dmp

      Filesize

      800KB

      Download

    • memory/2412-11-0x0000000000400000-0x0000000000683000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2412-40-0x0000000000400000-0x0000000000683000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2412-43-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2412-75-0x0000000000400000-0x0000000000683000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2412-87-0x0000000000400000-0x0000000000683000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/2412-8-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2412-330-0x0000000000400000-0x0000000000683000-memory.dmp

      Filesize

      2.5MB

      Download