Overview

overview

7

Static

static

3

OnRadio_Se....1.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    79s
  • max time network
    85s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/09/2024, 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OnRadio_Setup_v1.24.9.1.exe

  • Size

    2.2MB

  • MD5

    9b527456f3636c8b6e9585ad40fc88f9

  • SHA1

    143346dd0d2779ad813bdda80f297f149785ba19

  • SHA256

    b63fcd706474aea3f5d762714da6cfa68e5f30ae6bb2941604d5d73b96208644

  • SHA512

    fcad5170f47667928ae1aede8f49ffce205b52acf6593691f4f353a2819963276a99a4ef55bd0c8775507f2b0de704346868aafd0b779ab423c41633340a73de

  • SSDEEP

    49152:VXz+RkTYatIKZnemLi+zHZPNBn1C5Gth7xnl8Qht+cd:VXz++kaawemLxzHZPN+52xlPtd

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 44 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OnRadio_Setup_v1.24.9.1.exe
    "C:\Users\Admin\AppData\Local\Temp\OnRadio_Setup_v1.24.9.1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Program Files (x86)\VL\OnRadio\OnRadio.exe
      "C:\Program Files (x86)\VL\OnRadio\OnRadio.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 1340
        3⤵
        • Program crash
        PID:488
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 1392
        3⤵
        • Program crash
        PID:2192
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4452 -ip 4452
    1⤵
      PID:576
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4452 -ip 4452
      1⤵
        PID:2196
      • C:\Program Files (x86)\VL\OnRadio\OnRadio.exe
        "C:\Program Files (x86)\VL\OnRadio\OnRadio.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4760
        • C:\Program Files (x86)\VL\OnRadio\OnRadio.exe
          "C:\Program Files (x86)\VL\OnRadio\OnRadio.exe"
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Enumerates connected drives
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:4836
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4088

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\VL\OnRadio\AxInterop.WMPLib.dll
        Filesize

        52KB

        MD5

        9d70351a0de0e37c2dabbb77281d779c

        SHA1

        bea50ed133afa998d34fcf55bb349d2a489024da

        SHA256

        5240a072e9bbab24654cff886160bf6fde00a1ff39acbc6279484860c1712e3d

        SHA512

        9a7ee68f9690f188a674efb467533a0741159329b378145040d7f1928ddf3f4639f30e8d9e33cd7fbedc4a687a0d90bd3a2da4cdb3759444f471736c0ac73483

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\ColorSlider.dll
        Filesize

        22KB

        MD5

        c1b3a3e13cee687b8785815b85c49083

        SHA1

        b23944469ef97eda51d26915b6121a209dfaa1fd

        SHA256

        5545dcbbfb08131a1ae59c15955109c7655480e8eab4c4b2ee24812ad74618f9

        SHA512

        a1c2e838464fa7c8a7e59973fb4855ab084036b2367c9604e913d6a3b2a27665e0eccbd7f9cbee94dc8570b8f2ebe650186caddfacca001a6d20f65d01d8d418

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\Interop.WMPLib.dll
        Filesize

        323KB

        MD5

        447f46943ebd0c4adadf2c0bdb0e58a9

        SHA1

        3edbd96cb1537238b3194972cb8cf7264e7ec120

        SHA256

        ac9a1a9282faad6615972a5805547e98838ebbca09345d09b7d937c68bc19aac

        SHA512

        b0ebdd5d9356354351184f5ccaeb4c9be075272b49f334c7a3827691e8c13721ba479a3a6fff4ba57bb26eb7a651c0f36ba1dd91e52989d9dd6a56f49353fccf

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\OnRadio.exe
        Filesize

        757KB

        MD5

        82664a76443cf192b635947ad7de940b

        SHA1

        dddc2db3bde13178923a8a6a98be7e19bfb0dc8a

        SHA256

        6deaf61098a58289a1f7b6d86e07fc576bb2ba5349e9331fc2f14473fe938991

        SHA512

        d5314ec827ab5af00c8ef7509ce3f3e01310aed74b23ffcb36ef013dd7e9b80f4e54353a8aa399ba05c849aaa0cf67a40fc9218dbddecd8648024c539abd6bd8

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\System.Data.SQLite.dll
        Filesize

        421KB

        MD5

        edd007cf3fcb18ccef985f58004b1aee

        SHA1

        c3a697e0552ab600132f8fd4635f78517d4cb4e4

        SHA256

        9b0581b003161d1605405ab4ae2a31e03bf3287673c148f4a1d90253aaad2c30

        SHA512

        f848b4c4ba2f95ab9e8f90b5de8d169013b6c0ed7465c24f378c3df44d5bcc52e44c15e05973392e4d53c5b53007c8122ce4fd632d0ac203040fed10abb0b75f

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\Uninstall.exe
        Filesize

        195KB

        MD5

        e8e41fddf81f69801d427f3e40c9e1c2

        SHA1

        51b499939f75e3c0c17c65550b58cec4b3d106b1

        SHA256

        d8f0020f98b4cb90b07720c591d707703fd752bbe9935227ea938e96f8090be2

        SHA512

        59c1a06aad81b50b0299caa96b944d6a5da01fd0e5a1f4d7e33c790ac1dd1b9399f6f4a849e3326290d2554cbfd2026214cea095612de851400186288f7b12f4

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\en-US\OnRadio.resources.dll
        Filesize

        208KB

        MD5

        5026eae26880875eae091f29e7c33be1

        SHA1

        e0e800e161e6f8bbd363ff6881ef330522d37962

        SHA256

        b588c885b21273ffef9e8c24a5064f763d06007904c9f6a4be83bcb5adfd5198

        SHA512

        580d745e3bb881f6db74adf67f6dd22fe42cd6cb71054f9aa83e863043b93ce8986c94e31c36e577f5090874b0ce97dc4ecca1ca7157a6d7411f9c87f1b67770

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\en\OnRadio.resources.dll
        Filesize

        190KB

        MD5

        149ba62fbc30abdb72e1d9b1085abeaa

        SHA1

        d345eac16c74aeee65b1c5040e963f6d85c47ec7

        SHA256

        a11b3e5225957a1f191d4a419b51ea94665129ab49efa05376f7c5b2ede29411

        SHA512

        48d45f90180e8e49b3d6e19dddb90320e7fb25d3436437454c24d5fd0b1104029b440050121e3a4175e519b3675b7e99b76dc9dc3b50d7706e3778b1db140263

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\uk-UA\OnRadio.resources.dll
        Filesize

        209KB

        MD5

        2ac172c9d70c7204576939a92dc6ae33

        SHA1

        655b5e68fe330821d108a57f3aa30b6ce7f71c80

        SHA256

        a556cf79c7ae536cca5ae06361cc443dc4b9e0528845e8ab60e3a16571379b5f

        SHA512

        439fc3f2b579c58d0ce6927ab53463a22047bd3ae173b62dcbe5dd88f8caf31b6ed571eca18253d6ac995e8a5e47564f95b3d18d2a213d59726dee90d5bea370

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\uk\OnRadio.resources.dll
        Filesize

        189KB

        MD5

        9e9abb8f8fbfceac1f40c33f03303157

        SHA1

        5f5a8788b0b0d9b2e3ec4b3e63a1e3ec1d4d78c7

        SHA256

        073c5247d6af362a7402c1927080b0cab215ddeca1af8f387c8e50a17926be32

        SHA512

        9b2b47e1a6629f5bb7cbf40adae4c2337297b8ab7229dfa31fa842ef2134aea18bf15ae4c9dcf43813ee9f326c8c0b63c4dd6d6d177d64e98528cc9f5d84caba

        Download Submit

      • C:\Program Files (x86)\VL\OnRadio\x86\SQLite.Interop.dll
        Filesize

        1.4MB

        MD5

        6f2fdecc48e7d72ca1eb7f17a97e59ad

        SHA1

        fcbc8c4403e5c8194ee69158d7e70ee7dbd4c056

        SHA256

        70e48ef5c14766f3601c97451b47859fddcbe7f237e1c5200cea8e7a7609d809

        SHA512

        fea98a3d6fff1497551dc6583dd92798dcac764070a350fd381e856105a6411c94effd4b189b7a32608ff610422b8dbd6d93393c5da99ee66d4569d45191dc8b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
        Filesize

        256KB

        MD5

        9cb09e0dd984673281db533693ed82ec

        SHA1

        a295b3174815687dac5e6a4bcacae95617518ccb

        SHA256

        686322271981c2dfe24603bdc1128036c5cd2f25a5d17ddd17521dff6609c2c6

        SHA512

        80506877cfcf153cb303ffb0d0bf36899f5874316edddb5fa279c19ab17de557d165a0c2018edeea239f3f26ff9dafd9c70ccfd2cb4399bf7e50dee30d59df1d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
        Filesize

        1024KB

        MD5

        d9c6a2bcc648843de666b4ca9eaabf14

        SHA1

        f422005b1c4ba33bd15c3efa8530c0efa508129f

        SHA256

        8d782a7f323a06b1189a09b686ec94ec6b3bca9feb6148f4117d7a4e5b06b836

        SHA512

        3b52c9fc6955ed3bb777ee84b8485af3c03b93366a584c2fc00c4a14dd5767544090ac4974181f7e1a80192d54c6e4e292ca61a7798074bbe1a66addf742ca13

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
        Filesize

        9KB

        MD5

        7050d5ae8acfbe560fa11073fef8185d

        SHA1

        5bc38e77ff06785fe0aec5a345c4ccd15752560e

        SHA256

        cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

        SHA512

        a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

        Download Submit

      • C:\Users\Admin\AppData\Local\VL\OnRadio.exe_Url_kql1iwfbka2njgu5cqoco4l1j3bmp55a\1.24.9.1\oyw0vky0.newcfg
        Filesize

        1KB

        MD5

        525a641b23a61c6f245f98813c7903d6

        SHA1

        fd7c4b769cc2c2223c209d321c023c6b3db301f1

        SHA256

        fc032a985974c79251fd4b49134b9e4562f60b2ad251e938ee32b4b1b04f8f94

        SHA512

        9ab57aae7bcdfc0aa74957b542778035c2de707dfdf51c8c914fe7061bda100ee6e2a5e168caa876a90ea2ea3a0c3d0224887eeefa64c5a1367e5399cba6415a

        Download Submit

      • C:\Users\Admin\AppData\Local\VL\OnRadio.exe_Url_kql1iwfbka2njgu5cqoco4l1j3bmp55a\1.24.9.1\user.config
        Filesize

        1KB

        MD5

        1c9c6acd28ba8efebeda07d48129afbc

        SHA1

        97fc5b6aa1428c9ab18a2f91db2a7a85c2253cd8

        SHA256

        a2b3aea3ce891e6edb982c5a974bae7063c87773007b498be6210e2e9893d604

        SHA512

        d225bb6b00b4aa9ddc614470280ea6402029235928e65ab94e8f053a752832a82d6a5e1fcdf4abe96194c6aa458dfe4e0e89c82733ca8951e97e8e51facae109

        Download Submit

      • C:\Users\Admin\AppData\Local\VL\OnRadio.exe_Url_kql1iwfbka2njgu5cqoco4l1j3bmp55a\1.24.9.1\user.config
        Filesize

        1KB

        MD5

        d95f17aef1f0fa9ac6c5c0ed9bb3a9ba

        SHA1

        c5fb802eec23536a4868fecec6297703d6077efe

        SHA256

        a76ffb1ed5fc1ff1718f5fa810a2bd2fb05b3b6c170a36a086c70a8f4c0806bc

        SHA512

        94baa17813c90da5590f22f96106d68f54f8b7f354775c65d487f39795de982c662d3645ec94a4c87386f69211a4490407327f5b9c78a8c9ab79620913c9ca07

        Download Submit

      • C:\Users\Admin\AppData\Local\VL\OnRadio.exe_Url_kql1iwfbka2njgu5cqoco4l1j3bmp55a\1.24.9.1\user.config
        Filesize

        1KB

        MD5

        0167ab97dc58d339568cb0adfcf91f74

        SHA1

        0dc8691f64aec7853d8af4ee74d130145e687b22

        SHA256

        e172943089ba740a9ba1d067ec4a2ab300f84bc22616a1ced3283b0c729c579a

        SHA512

        88cd2c0ab148188a411cea2977a5c01edfa9c5df499c15baeff448373259b84f155eeb91efb63cb39d051e9addac5c3fc91538bbbf65eda45108a648fcbb9272

        Download Submit

      • C:\Users\Admin\AppData\Roaming\OnRadio\OnRadio.db
        Filesize

        672KB

        MD5

        e6383e605cc8661c1041e29b36a1d17e

        SHA1

        c03fa4ce8f5cfaf0de377e7eea2556b7607b44d3

        SHA256

        f785d5c33b5b985131e671e981ec9433cf19a104e63fb384701cb6d92c6bce6f

        SHA512

        815bc46c361a45f7bb59dd9216053f1bd89fd29a3d9efc774524bc0565bb8f71f2bd014b0f2d38b5b17f0fcb2228c4bc45736189b5618622c53d21e7b661343f

        Download Submit

      • memory/4452-97-0x00000000053C0000-0x00000000053D4000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4452-81-0x0000000000220000-0x00000000002E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4452-107-0x0000000073E80000-0x0000000074631000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4452-89-0x0000000005350000-0x000000000535A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4452-80-0x0000000073E8E000-0x0000000073E8F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4452-102-0x0000000008BB0000-0x0000000008BE6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4452-87-0x0000000004EC0000-0x0000000004F18000-memory.dmp

        Filesize

        352KB

        Download

      • memory/4452-88-0x0000000073E80000-0x0000000074631000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4452-82-0x0000000005470000-0x0000000005A16000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4452-83-0x0000000004DC0000-0x0000000004E52000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4452-93-0x0000000005380000-0x000000000538C000-memory.dmp

        Filesize

        48KB

        Download

      • memory/4452-106-0x0000000008BF0000-0x0000000008C2A000-memory.dmp

        Filesize

        232KB

        Download

      • memory/4648-15-0x0000000000400000-0x0000000000449000-memory.dmp

        Filesize

        292KB

        Download

      • memory/4648-98-0x0000000000400000-0x0000000000449000-memory.dmp

        Filesize

        292KB

        Download

      • memory/4648-76-0x0000000000400000-0x0000000000449000-memory.dmp

        Filesize

        292KB

        Download

      • memory/4760-140-0x000000000D140000-0x000000000D17A000-memory.dmp

        Filesize

        232KB

        Download

      • memory/4760-188-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-149-0x000000000D200000-0x000000000D221000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4760-155-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-156-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-158-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-157-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-159-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-160-0x000000000E470000-0x000000000E480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4760-144-0x000000000D180000-0x000000000D1B6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4760-173-0x000000007517E000-0x000000007517F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4760-174-0x0000000075170000-0x0000000075921000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4760-175-0x0000000010190000-0x0000000010318000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4760-136-0x000000000D060000-0x000000000D0AC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4760-135-0x000000000CD00000-0x000000000D057000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4760-148-0x000000000DE30000-0x000000000DE6C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/4760-134-0x000000000CC90000-0x000000000CCFA000-memory.dmp

        Filesize

        424KB

        Download

      • memory/4760-216-0x0000000075170000-0x0000000075921000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4760-109-0x000000007517E000-0x000000007517F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4760-112-0x0000000075170000-0x0000000075921000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4836-235-0x000000000AF60000-0x000000000AF81000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4836-228-0x000000000ADC0000-0x000000000AE0C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4836-244-0x000000000C290000-0x000000000C2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-243-0x000000000C290000-0x000000000C2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-242-0x000000000C290000-0x000000000C2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-241-0x000000000C290000-0x000000000C2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-246-0x000000000C290000-0x000000000C2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-245-0x000000000C290000-0x000000000C2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-227-0x000000000AA60000-0x000000000ADB7000-memory.dmp

        Filesize

        3.3MB

        Download