Overview

overview

8

Static

static

3

Antares Au...CE.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    33s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2024 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Antares Auto-Tune Pro X v10.3.1 CE.exe

  • Size

    85.9MB

  • MD5

    bc098726a5e3276880e0f32d2e6cfda1

  • SHA1

    7e12e8091bfdc3a5a917725016bcb5eba401e36a

  • SHA256

    dc7de9526b50b299217087a4bf2a40bb529005a4d441743f6fa9c7b9fce0bf77

  • SHA512

    b9bb06f4250e2deb3978e6b069640cc1e0348fd68972d8da51a85eec4d05a7f972808bb4f0d55f8057c90cec8cd2636556fe6f20af85e83d6c4148af691a033a

  • SSDEEP

    1572864:BxhAXXk7jJMEb5/oolzSylAPSkavpme7ILvWeqfBQC:Brl7tMEhBhlETaobgBQC

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 7 IoCs
  • Drops file in Program Files directory 45 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune Pro X v10.3.1 CE.exe
    "C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune Pro X v10.3.1 CE.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Users\Admin\AppData\Local\Temp\is-8I1E8.tmp\Antares Auto-Tune Pro X v10.3.1 CE.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8I1E8.tmp\Antares Auto-Tune Pro X v10.3.1 CE.tmp" /SL5="$501CE,89194940,864768,C:\Users\Admin\AppData\Local\Temp\Antares Auto-Tune Pro X v10.3.1 CE.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1196
      • C:\Windows\system32\net.exe
        "C:\Windows\system32\net.exe" stop "Antares Central Services"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4728
        • C:\Windows\system32\net1.exe
          C:\Windows\system32\net1 stop "Antares Central Services"
          4⤵
            PID:4220
        • C:\Windows\system32\net.exe
          "C:\Windows\system32\net.exe" stop CmWebAdmin.exe
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1924
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop CmWebAdmin.exe
            4⤵
              PID:3132
          • C:\Windows\system32\net.exe
            "C:\Windows\system32\net.exe" stop CodeMeter.exe
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1068
            • C:\Windows\system32\net1.exe
              C:\Windows\system32\net1 stop CodeMeter.exe
              4⤵
                PID:4116
            • C:\Windows\system32\attrib.exe
              "C:\Windows\system32\attrib.exe" +r /s /d "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\*"
              3⤵
              • Drops desktop.ini file(s)
              • Drops file in Program Files directory
              • Views/modifies file attributes
              PID:1600
            • C:\Windows\system32\attrib.exe
              "C:\Windows\system32\attrib.exe" +s +h /s /d "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\*.ini"
              3⤵
              • Sets file to hidden
              • Drops desktop.ini file(s)
              • Drops file in Program Files directory
              • Views/modifies file attributes
              PID:4036
            • C:\Windows\system32\attrib.exe
              "C:\Windows\system32\attrib.exe" +s +h /s /d "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\*.ico"
              3⤵
              • Sets file to hidden
              • Drops file in Program Files directory
              • Views/modifies file attributes
              PID:808

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\Resources\Auto-Key.xml
          Filesize

          9KB

          MD5

          44554c48016e097a80f592dc7656e292

          SHA1

          5bd0c43722cf276e9c51d8b372bda33297ca6bbe

          SHA256

          62a96686da67da29fd6d54f65f44806c6f88185a45bbbe342cc385d90e00fdb9

          SHA512

          ffaf43c826170f5bc8e246a6a039738553ebd8a90ab8b6885729ea297189fdcde6c4e52a5a1d134f3306c052fdd0b567ca7c59267b3e812a213ed70def234c0b

          Download Submit

        • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Key.aaxplugin\Contents\x64\Auto-Key.aaxplugin
          Filesize

          13.8MB

          MD5

          e84c950b03d5c72e3fe198d789854701

          SHA1

          7cc2d95a593c2c4be22c2ccef8d361d72576aa78

          SHA256

          0f09bb391e3038f59f76a9c8927335182690aff373594578db0b455911a36314

          SHA512

          ea5c097abb159724c8d66f7b1e066a444ba57cbce9e433a9e28347c7081786bcb3165401069ea3aabbfc3b51e2cf30c90ee12f64fa01c939cd63453b2c4e3974

          Download Submit

        • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Pro.aaxplugin\Contents\Resources\AutoTunePro.xml
          Filesize

          32KB

          MD5

          f6d7e92c546f969afbe4158ce2feb785

          SHA1

          277cf1d0f1f0bf9a4549f766b502369955ca5aec

          SHA256

          60f1b3dbcae91d77d52bf3cec20add1a76d80151558e21a94a3bc4c9fd9a696c

          SHA512

          f887feb06dbeafabbe1faf65e627b9315070e74f0b815386ff8b5c0627c50750bc35fa3b4084fb1fb6b8a65f5b9aa45aa641984002a8a5a3f6e3b572aa15b3a6

          Download Submit

        • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Pro.aaxplugin\Contents\x64\Auto-Tune Pro.aaxplugin
          Filesize

          42.7MB

          MD5

          00f1e4a9fcd5e1574da621dde42336e9

          SHA1

          bc881b4183e418191e8e42f0e55c6bd1de274c61

          SHA256

          4a23755ae9b36c7642a68a31f8507f33eb1d7975669bc74f97070c115cb8ef14

          SHA512

          5cff154cc098606fb934cca2aa164f42fb4c5180086573176b94fcb6216bb31311c607e8a300d681cba5cf9d1c895d900913e372184f13e7e8a45494e26c22a6

          Download Submit

        • C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Antares\Auto-Tune Pro.aaxplugin\desktop.ini
          Filesize

          126B

          MD5

          798095cd31340606c8e81d0a5107d57e

          SHA1

          39d058c4d45ef84b188f7ece620106124eb3d74e

          SHA256

          5526ef6345adee7c693e58354dd72b095df152be62ff7298b4c6f6d0f91e2f83

          SHA512

          9ca995c89d3f23cd2a977fb2826da1f75dc4caa4fe965f9aac3a6d486f6558429a44eaeea35217f85d94ba6d7c2c54ab520c9a1786133b2edd103e36159e53a1

          Download Submit

        • C:\Program Files\Common Files\VST3\Antares\is-5IRD8.tmp
          Filesize

          46B

          MD5

          92872f8ac2aed2db0b07e0bd2a2cc207

          SHA1

          6f7560add23274d6e0482754c186b59518269112

          SHA256

          524c4940611c5338397e0bbdd9f23c030da1e5387f772a38b1599b467be78732

          SHA512

          17b4a82fe65178e7701c61239d951155929a1b950c1ad35cd214286fa05032b10f1300bb01ef25910d4685e67dcd511da5f13de531e2210fc413ad77528969df

          Download Submit

        • C:\Program Files\Common Files\VST3\Antares\is-68JTL.tmp
          Filesize

          45KB

          MD5

          6e03b680fbee54e69e52a15245989862

          SHA1

          0136100d693fa2cf4eba38ac0314951b7be22c9b

          SHA256

          00999004190475604537034d99d9a2cc84355579e4b199045dc6c8c3479e3600

          SHA512

          1a2e8770e676bfe9c84f81185584fdf347271897637f18ccbcb1f1dfb7f4afac4cf65ab0d19d7f34044b5f5b304d7b54c9c85c8049fee0a4a3e4cabe3ae7c578

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-8I1E8.tmp\Antares Auto-Tune Pro X v10.3.1 CE.tmp
          Filesize

          3.1MB

          MD5

          31cd6eb9935a435a0e2810ccc5892767

          SHA1

          8081b5b305cce54ee398bb2201d16e0ba7a153c4

          SHA256

          9ce72a80569d00b753bc86f066d0448428d5f9be11b9aa8355d652127f212749

          SHA512

          bdac5c47cd1e6b96348f9b08a978b6ba5965db9f8a45f321cef0c06909d54a663212e415cb2ed464355694c613cda4a81192dd6c542723996cb8f91c26813ae7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-HS9V3.tmp\_isetup\_iscrypt.dll
          Filesize

          2KB

          MD5

          a69559718ab506675e907fe49deb71e9

          SHA1

          bc8f404ffdb1960b50c12ff9413c893b56f2e36f

          SHA256

          2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

          SHA512

          e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

          Download Submit

        • memory/1196-12-0x0000000000400000-0x000000000072C000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/1196-6-0x0000000000400000-0x000000000072C000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/1196-171-0x0000000000400000-0x000000000072C000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/1196-175-0x0000000000400000-0x000000000072C000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/3512-0-0x0000000000400000-0x00000000004E4000-memory.dmp

          Filesize

          912KB

          Download

        • memory/3512-11-0x0000000000400000-0x00000000004E4000-memory.dmp

          Filesize

          912KB

          Download

        • memory/3512-2-0x0000000000401000-0x00000000004C1000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3512-176-0x0000000000400000-0x00000000004E4000-memory.dmp

          Filesize

          912KB

          Download