e45a0747468178e7d3518ece3569536ace50b50267839f0f381b4e00e02378e8

Analysis

max time kernel
28s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe
Size

16.1MB
MD5

bc086f1a4caf0a29cb4fca70338ae480
SHA1

ed5dcbfda06df7fec77fa1c01df9a5a3c3e22a83
SHA256

e45a0747468178e7d3518ece3569536ace50b50267839f0f381b4e00e02378e8
SHA512

89e3a019e7791807e71af6c6f40bd5633e02f62ccb151fc87c3ce0a7ab3c02a0e08a7d32d0287433e86985c4d2b8512ff2fd484c4aa5be99532a62543c559d76
SSDEEP

393216:45vj/jsu+XRnjKMGLbPxmo3dcXZQvNOG44+HaGezRMh:4Nj/jshXRjm44YWvNm4+ZeFo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1020	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin\desktop.ini	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\desktop.ini	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Drops file in Program Files directory 45 IoCs

description	ioc	Process
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-JV8DC.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin\PlugIn.ico	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\is-LPSLD.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-O64AT.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-4UJ0L.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-FJU5Q.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-4V39S.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\is-1PFSI.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\is-G3LB7.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Sugar Bytes\Effectrix2\Effectrix2.exe	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Sugar Bytes\Effectrix2	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\Sugar Bytes\is-VJSER.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\is-S57C8.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\PlugIn.ico	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\is-1KJ54.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Vstplugins\Sugar Bytes	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\unins000.dat	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\Sugar Bytes\is-26SQ5.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Manual\is-IG6BB.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-9PDOE.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin\is-5O3F0.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-2L51U.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-0B5N1.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Vstplugins\Sugar Bytes\Effectrix2.dll	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Sugar Bytes	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\is-KG9I0.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Vstplugins\Sugar Bytes\is-52JH3.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Manual\is-TUODM.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-RSPPK.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin\is-AO3DS.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Vstplugins\Sugar Bytes\is-VGLNG.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\is-9NI78.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\is-71S6O.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Sugar Bytes\Effectrix2\unins000.dat	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin\desktop.ini	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\VST3\Sugar Bytes\is-UQ347.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Vstplugins\Sugar Bytes\is-DDRV7.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Sugar Bytes\Effectrix2\Effectrix2.dll	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Sugar Bytes	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\Effectrix2.aaxplugin\Contents\x64\is-40K2L.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\is-R3KSD.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Program Files\Sugar Bytes\Effectrix2\Demo Sounds\is-GLP51.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\desktop.ini	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\is-G813R.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Windows\Fonts\is-LEOJL.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Windows\Fonts\is-SRECV.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
File created	C:\Windows\Fonts\is-J44UR.tmp	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1020	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
1020	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1020	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1020	1668	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe	80
PID 1668 wrote to memory of 1020	1668	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe	80
PID 1668 wrote to memory of 1020	1668	Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe	80

C:\Users\Admin\AppData\Local\Temp\Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe
"C:\Users\Admin\AppData\Local\Temp\Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\is-RVO4N.tmp\Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RVO4N.tmp\Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp" /SL5="$E003E,15775861,822272,C:\Users\Admin\AppData\Local\Temp\Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.exe"
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Sugar Bytes\is-G3LB7.tmp

Filesize
48B

MD5
0e903c9111f1570df8c8cddb04230cdf

SHA1
f1164945ea8a01edba0c4a17b26193286920921e

SHA256
a1eb16b390198bf48c7a891c6efb5358a56713834ded6a6ee485450d4c261276

SHA512
0d0914a57c440d5695941b35b2ba40e42a9579e029e525cb7acfdfbb5f2d9cca2259b3e22c7980e3ea3193706a43ae0d1b8a2a5bb85516517868bef20620f5c2

Download Submit
C:\Program Files\Common Files\VST3\Sugar Bytes\is-VJSER.tmp

Filesize
24KB

MD5
4fa6349c8f8a70ed26023bd5e6adcd7a

SHA1
0b0dcc840bb0ea7cb944800f5fee4f7afe4407d7

SHA256
140780f0701417325e9e5e5650453659b21639b146f3abe7fd5b5ddbe6718492

SHA512
48b10a5ee5f92ecff3fb3af178f12fadfd3cdbfe543842dd55667b75e90d6d4f8453360e1761c237193f0542c826b601427456b8c5a857acf12f68084e95ff81

Download Submit
C:\Program Files\Sugar Bytes\Effectrix2\Effectrix2.dll

Filesize
12.9MB

MD5
8c17c564a633ad176f7036f5a4f7482f

SHA1
211b1d050b79ee050dfcbf4220be12de1576e2ef

SHA256
a5d96eb5b803b9faab347a354468fbcb5a5a3396587ad2975db8a5e16e70274b

SHA512
df1b80797303d3a0c163d5be5ad70ccfc2108c7c70f0854443f3d0b341ef3d7260af5412a7fa29fdeb01fc3b2baec3c31eb8cdbd2d9713714e7bffb54ac88a92

Download Submit
C:\Program Files\Sugar Bytes\Effectrix2\Effectrix2.exe

Filesize
2.9MB

MD5
be86680cb14f3c1442b191e95262224a

SHA1
9a6db75a9216cc0529163593ecb67f607f9422e7

SHA256
6a71cf57dce55e0d063cc4b320863ebb4b2f63d9ce1c2df7f6105d54e0779a5d

SHA512
281cbdfca8f28afd130916c580b021d70a78e04e48e294390682aae4e3dd95c0d8e50823acd5297d5051b16a2f39f0ba6ab91d3f8f7638f167ce03367ea32da4

Download Submit
C:\Program Files\Sugar Bytes\Effectrix2\is-71S6O.tmp

Filesize
44KB

MD5
f90d7d75f4e7efb421d7951427747fbe

SHA1
0aa79c8caad7f4762371618f57786b080e5c32e7

SHA256
289e4cfc31197aa599cf2254d6af83277476ac05aa6178c1afa0872e6ba1b206

SHA512
06b42fa067348c6a9f75d36f11e0289c1c89ebd66ba2b9bf10d31e24f2329b94e064c0b1947cbfd9c70a91241c5b3f1f445bea180486db42a57d8dbcc097d6ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RVO4N.tmp\Sugar.Bytes.Effectrix.2.v2.0.3-TeamCubeadooby.tmp

Filesize
3.0MB

MD5
e9903969e9086848582a0a10987165cc

SHA1
4ac588c40248b983336cce2fbc830b0bf5b81add

SHA256
478df61aa665c7b8120e7766b7fdbf60c08a575fae060f61b8fcee75daae8fe7

SHA512
d630dc499041e52ae080ab7915d4b78943e3f36c49d31d4da57972f118991cf16f619862ae56a824d3edb9fe2b76a315edcbbc34c8da14a5f9bddfaa2f9e60eb

Download Submit
memory/1020-6-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1020-9-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1020-1294-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1020-1296-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1668-8-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/1668-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1668-0-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/1668-1297-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download