3bbc0e091a3f6ec8fb5027fe0a84280b0a6c3a03a2941fccb57f769f3db9b1fb

Analysis

max time kernel
263s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TheGlue_v1.6.6_Win/Install The Glue v1.6.6.exe
Size

13.0MB
MD5

e414b12412f7c91226c92741557bf470
SHA1

eb3d5fae75573e10b1c93da95d9201f8810e001f
SHA256

2685ee6af140780982355cf5442e97d7d161f2c14e09af7bbc404aad80a009db
SHA512

1b63494c3ce6329224106f495cc58f66127fe828aa9840a0ebae95f54003b7be525d6e37a903f6284dff89e0d53555342d2f533166bd717836004c300728ffff
SSDEEP

196608:lh/S+WcnyK+nu/aN60dkWo6nstTuTeZKKo452k7F6JS84d2nrVL0UCRf3H:T/SNqyJAE8XY1HJRnr2H

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2532	Install The Glue v1.6.6.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\VST2\is-EK20L.tmp	Install The Glue v1.6.6.tmp
File created	C:\Program Files\Common Files\VST3\is-37E6H.tmp	Install The Glue v1.6.6.tmp
File created	C:\Program Files\Cytomic\unins000.dat	Install The Glue v1.6.6.tmp
File created	C:\Program Files\Cytomic\is-3PJJH.tmp	Install The Glue v1.6.6.tmp
File created	C:\Program Files\Cytomic\unins000.msg	Install The Glue v1.6.6.tmp
File opened for modification	C:\Program Files\Cytomic\unins000.dat	Install The Glue v1.6.6.tmp
File created	C:\Program Files\Cytomic\InstallationLogFile.log	Install The Glue v1.6.6.tmp
File opened for modification	C:\Program Files\Cytomic\InstallationLogFile.log	Install The Glue v1.6.6.tmp
File opened for modification	C:\Program Files\Common Files\VST2\The Glue.dll	Install The Glue v1.6.6.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\The Glue.aaxplugin\Contents\x64\is-F07P2.tmp	Install The Glue v1.6.6.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2532	Install The Glue v1.6.6.tmp
2532	Install The Glue v1.6.6.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2532	Install The Glue v1.6.6.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2532	1096	Install The Glue v1.6.6.exe	83
PID 1096 wrote to memory of 2532	1096	Install The Glue v1.6.6.exe	83
PID 1096 wrote to memory of 2532	1096	Install The Glue v1.6.6.exe	83

C:\Users\Admin\AppData\Local\Temp\TheGlue_v1.6.6_Win\Install The Glue v1.6.6.exe
"C:\Users\Admin\AppData\Local\Temp\TheGlue_v1.6.6_Win\Install The Glue v1.6.6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\is-TJPK9.tmp\Install The Glue v1.6.6.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TJPK9.tmp\Install The Glue v1.6.6.tmp" /SL5="$80066,12743781,832512,C:\Users\Admin\AppData\Local\Temp\TheGlue_v1.6.6_Win\Install The Glue v1.6.6.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-06-28 #001.txt

Filesize
4KB

MD5
cc1f471d18d42bbd740b8ad69d6df895

SHA1
e3c5e18ea567d553513663923ab9c49da897eba4

SHA256
f78bacaba3d9f0e7114081231f3df2b850e487a30698982310be1c355e5770c6

SHA512
664be381bf19a632a748f25b70a518948ddc45f20e2adcca0a417ef98b3fe135d42765106f8f2cfaa986efd4548a83b05af07a7ee011c0dfd0c2cf968eb0cc83

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TJPK9.tmp\Install The Glue v1.6.6.tmp

Filesize
3.1MB

MD5
fd8e5abfe2f73975be67bb3f731ca224

SHA1
a6c6db123301b5cdd83e1653b54c5d4306203386

SHA256
53ef3f7be4612f14554aecd3f613e1c08b1676f14edf74998ed34818eef88fd5

SHA512
0458bb0a87b48263911e7e667e09151bcc319d581013f51b4edd089406572756540e43d8c51bd6bd4986839884b83b9f20facfe3856ad1fdc9ff55c70b2cdaeb

Download Submit
memory/1096-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1096-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1096-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1096-33-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2532-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2532-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2532-25-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2532-32-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download