Overview
overview
7Static
static
3EqualizerA....2.exe
windows11-21h2-x64
7$PLUGINSDI...ol.dll
windows11-21h2-x64
3$PLUGINSDI...re.dll
windows11-21h2-x64
3$PLUGINSDI...nu.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...ay.dll
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3Benchmark.exe
windows11-21h2-x64
1Configurat...e).url
windows11-21h2-x64
1Configurat...e).url
windows11-21h2-x64
1Configurator.exe
windows11-21h2-x64
Editor.exe
windows11-21h2-x64
1EqualizerAPO.dll
windows11-21h2-x64
7Qt5Core.dll
windows11-21h2-x64
1Qt5Gui.dll
windows11-21h2-x64
1Qt5Widgets.dll
windows11-21h2-x64
1Uninstall.exe
windows11-21h2-x64
7$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3VoicemeeterClient.exe
windows11-21h2-x64
1libfftw3f-3.dll
windows11-21h2-x64
1libsndfile-1.dll
windows11-21h2-x64
1msvcp140.dll
windows11-21h2-x64
1msvcp140_1.dll
windows11-21h2-x64
1qt/imagefo...if.dll
windows11-21h2-x64
1qt/imagefo...co.dll
windows11-21h2-x64
1qt/imagefo...eg.dll
windows11-21h2-x64
1qt/platfor...ws.dll
windows11-21h2-x64
1qt/styles/...le.dll
windows11-21h2-x64
1vcruntime140.dll
windows11-21h2-x64
1vcruntime140_1.dll
windows11-21h2-x64
1Analysis
-
max time kernel
446s -
max time network
1175s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
04-07-2024 14:17
Static task
static1
Behavioral task
behavioral1
Sample
EqualizerAPO64-1.3.2.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NSISpcre.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsArray.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Benchmark.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Configuration reference (online).url
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Configuration tutorial (online).url
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Configurator.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Editor.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
EqualizerAPO.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Qt5Core.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Qt5Gui.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Qt5Widgets.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Uninstall.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
VoicemeeterClient.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
libfftw3f-3.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
libsndfile-1.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
msvcp140.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
msvcp140_1.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
qt/imageformats/qgif.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
qt/imageformats/qico.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
qt/imageformats/qjpeg.dll
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
qt/platforms/qwindows.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
qt/styles/qwindowsvistastyle.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
vcruntime140.dll
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
vcruntime140_1.dll
Resource
win11-20240611-en
windows11-21h2-x64
General
-
Target
EqualizerAPO.dll
-
Size
599KB
-
MD5
83a561caaff42103c1a5b3010f6c42c1
-
SHA1
cf611472169125ac8cc1a5811a5d5186633b2a36
-
SHA256
d403076a0e3ea500e83228bb8390aea052ee5bb5eeec40ace96b7537bc5e8744
-
SHA512
142f30206ec36a4897641bd3dd5e7253cdaa6d107f53ebcc787617e3d949c9e70ba91a9035743a619ea7ed09c12694626d946f72ec1d270e83dab50cd49379a5
-
SSDEEP
12288:ntffJWs//v9oNPupTvTzkeRo8FATDDpTiaNhTk:ntffJx//A2r/VFATZTiaN6
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class 37 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32 regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinOutputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinorVersion = "0" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinOutputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\NumAPOInterfaces = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\ = "EqualizerAPO Post-Mix Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79} regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\NumAPOInterfaces = "1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\FriendlyName = "EqualizerAPO" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79} regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MajorVersion = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\Copyright = "Copyright (C) 2015" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EqualizerAPO.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EqualizerAPO.dll" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxInputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxOutputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\APOInterface0 = "{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\ = "EqualizerAPO Pre-Mix Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxInputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxInstances = "4294967295" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MajorVersion = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\Flags = "13" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinInputConnections = "1" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MinInputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F} regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MinorVersion = "0" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\Flags = "13" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\MaxOutputConnections = "1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\Copyright = "Copyright (C) 2015" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EC1CC9CE-FAED-4822-828A-82A81A6F018F}\MaxInstances = "4294967295" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{EACD2258-FCAC-4FF4-B36D-419E924A6D79}\FriendlyName = "EqualizerAPO" regsvr32.exe