33572af76adcd8b752c09adc4cf6b17ab905b6d4d0ed4747edf67bb3bc06ae60

Analysis

max time kernel
128s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Renoise 3.2.1/Portable/Renoise.exe
Size

200.1MB
MD5

19556124b81b6494ef7ab03086ca4981
SHA1

aba0811472579b0771cde536e074be06b480e2a9
SHA256

e56b38ddd9064a0d909ec956a36b10e3f0a1a8b4208b5a60e8175bbacf43db9f
SHA512

2da72ef887de122e2f15186f62900ab708d2b9cde091f9743fd0ed5c400b747a39f0ce5010feee156f0098db24b3ba892073da289571f7f3cf68b3aafecc934d
SSDEEP

3145728:5AeAFm7yRk+SBs8GgdPr5GPoqfV5X5dHAp4EvK:5AeIm7yRk+UGgdtyfVLdgp2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Renoise.exe

pid process

4324 Renoise.exe
Loads dropped DLL 1 IoCs

Processes:

Renoise.exe

pid process

4324 Renoise.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4324	Renoise.exe

pid	process
4324	Renoise.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Renoise.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Renoise.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Renoise.exe

Modifies registry class 8 IoCs

Processes:

Renoise.exeMiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Propellerhead Software\ReWire	Renoise.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Propellerhead Software\ReWire\Renoise\Device Path = "C:\\Program Files\\Renoise 3.2.1\\ReWire Engine.dll"	Renoise.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Propellerhead Software\ReWire\Renoise	Renoise.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore	Renoise.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore\MACHINE	Renoise.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore\MACHINE\SOFTWARE	Renoise.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Propellerhead Software	Renoise.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Renoise.exe

pid process

4324 Renoise.exe
4324 Renoise.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Renoise.exe

pid process

4324 Renoise.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3880 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3880 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Renoise.exe

pid process

4324 Renoise.exe
4324 Renoise.exe
4324 Renoise.exe
4324 Renoise.exe
4324 Renoise.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

Renoise.exeMiniSearchHost.exe

pid process

4324 Renoise.exe
4324 Renoise.exe
4324 Renoise.exe
4324 Renoise.exe
2672 MiniSearchHost.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

Renoise.exe

pid process

4324 Renoise.exe
4324 Renoise.exe

pid	process
4324	Renoise.exe
4324	Renoise.exe

pid	process
4324	Renoise.exe

description	pid	process
Token: 33	3880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3880	AUDIODG.EXE

pid	process
4324	Renoise.exe
4324	Renoise.exe
4324	Renoise.exe
4324	Renoise.exe
4324	Renoise.exe

pid	process
4324	Renoise.exe
4324	Renoise.exe
4324	Renoise.exe
4324	Renoise.exe
2672	MiniSearchHost.exe

pid	process
4324	Renoise.exe
4324	Renoise.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Renoise.exe

description	pid	process	target process
PID 2296 wrote to memory of 4324	2296	Renoise.exe	Renoise.exe
PID 2296 wrote to memory of 4324	2296	Renoise.exe	Renoise.exe
PID 2296 wrote to memory of 4324	2296	Renoise.exe	Renoise.exe
PID 2296 wrote to memory of 4324	2296	Renoise.exe	Renoise.exe

C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\Renoise.exe
"C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\Renoise.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296

C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\local\stubexe\0x28B82B58306C357F\Renoise.exe
"C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\local\stubexe\0x28B82B58306C357F\Renoise.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:4324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3880

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
a05de6626e878c11872bcf9a152a692c

SHA1
8e2e338228d149511acd9740a84d5310c33f7f2c

SHA256
2b028061471208157f927bc0495bd6814ebce7edb5c6a0cf5f6d8d065845d704

SHA512
9f73b10f2acb9d22d8c02428f55759d55c4a6d8f4521f2c8f698c7d20280aded26a3e2ecd565507d5e8334ba4843076fbc42e3df74b49a8bc20eeb71d9ceb520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\local\meta\@PROGRAMFILES@\Renoise 3.2.1\Renoise.exe.__meta__
Filesize
32B

MD5
f41015abe8a68ce0a6eca6c9fa4acfa5

SHA1
de72526ddc2c7ebeff489ec853fbbbcf8ce06283

SHA256
34f0a9829cf19093a9b7e13e0b4f296142866b4469c4fb4f6d868b98460d6eb2

SHA512
5f83e9a5126f014d65fd79de8de42c6d28cca1fc697bdfcd6e76b98f3cbf8cf581a76ffafdb3fccb2f5dfd46381b83bfdbb5ed46e0a6bf2a09c4673664644a5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\local\meta\@PROGRAMFILES@\Renoise 3.2.1\Resources\Stylesheets.__meta__.__tmp__
Filesize
32B

MD5
7eded22d09271be56edf368af94e55ab

SHA1
9b574ee3c866e0b325246611fc5c412b8b959806

SHA256
e6e210fa821463797d690682617069c89bf858451534ae49dacb2176207da32f

SHA512
33a65406df4f1318d8b2ba0c53a4c9f0464c5f5c6cd187a6513beb2bc64cd9fba4c8b0d0344dc0f9025fd5a0bb68fe7c7fe4425ec84a3175ae8ca731ab95fb95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\local\modified\@PROGRAMFILES@\Renoise 3.2.1\Renoise.exe
Filesize
27.6MB

MD5
6a117037ffbad9c68353a553f0bb0742

SHA1
4f5da526ec19b81ca49e4edb947185611c51139a

SHA256
1772092509fb3ad698be65cfdcfebe8b9ece0acf66adcb24191eb9b54a40015a

SHA512
4534f2db06a9cc274914de709c1c7fa99718bb414b203e7a79d9a42e3cd505ad3f22d731a92f694cd9ffaf8fd48a53a52dc1052333144a27bf01ac6107900fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\local\stubexe\0x28B82B58306C357F\Renoise.exe
Filesize
27KB

MD5
436d33ed76cc9d3a38d0a9d2375b6c70

SHA1
a8e6863423b641a6b24a9b49578bbe75496d0604

SHA256
724282c8475c87953776fe9add4b90e87dc16211e17ad02d77120d0d68a7be57

SHA512
bdde6b7cc0453c46ad4475139a8ec27ec5dc777d2dac927e97d23f9b387fa2468059728ebe588c41e2a79225c35a8edc8f8f6be6af37e0b843912e6f4b702bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Renoise 3.2.1\Portable\MAZTERIZE.COM\Renoise\3.2.1\xsandbox.bin
Filesize
16B

MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0xC1FC5CB2AA039F6F\sxs\Manifests\AudioPluginServer32.exe_0xef2706591d8c1caa4b7764a74bf38407.1.manifest.__tmp__
Filesize
631B

MD5
441c070b9ff2044c15dc36cc07200b9a

SHA1
b7d85dff06380d788f2c6027b9278a2bd0707267

SHA256
ce419f9c607ce24f86f531ea057d08439588b5b5a130837635665c2bcc71f941

SHA512
333d05a640b5dcb3c138448dbbaef9d8015e4afc57493d0f27b77659262a85a9a444eadce9e24cc6b5ec7b72476644f03e1ef7173f7fe1a1a0c727f82a16aa3e

Download Submit
C:\Users\Admin\AppData\Roaming\Renoise\V3.2.1\CachedVSTs_x64.db
Filesize
287KB

MD5
14b2cc82bc91db511b06682d03dba082

SHA1
04794920504fd3fddece5d4dbf485341089ff4d7

SHA256
0493938a895d7cac746d3d0606933daca836d7e486c2fb733ebe9b336c23e51b

SHA512
45c90cf7e407fd5e5921ccd8de5a4aeea257277b8dad22f66729aacd31b4cf2327262b5feabc0d2ef9ef22ad94f994413c1a717846f2b6aeaab60739043bf156

Download Submit
C:\Users\Admin\AppData\Roaming\Renoise\V3.2.1\KeyBindings.xslt
Filesize
9KB

MD5
1a8283664c72ba23657ffd29a12bee24

SHA1
19b9f0e796d1c2d8128cdd06a96bd8e19f36621b

SHA256
0e67912e7cf5d14586bb10e83a7c8544a56d892fb4ff4590a8ff26056d97a103

SHA512
52e4d4c0ab46aa88da8a3a4cdf455739933aa414bfe1948b01ba3e517319844402f72963f2871160410414713954da9932ff30bdde9c5ef16730f89a9219fe20

Download Submit
memory/2296-26-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-27-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-23-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-42-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-31-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-32-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-30-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-85-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-3-0x0000000002D40000-0x0000000002DFB000-memory.dmp

Filesize
748KB

Download
memory/2296-33-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-9-0x0000000002D40000-0x0000000002DFB000-memory.dmp

Filesize
748KB

Download
memory/2296-712-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-711-0x0000000000EB0000-0x0000000001456000-memory.dmp

Filesize
5.6MB

Download
memory/2296-667-0x0000000000EB0000-0x0000000001456000-memory.dmp

Filesize
5.6MB

Download
memory/2296-666-0x00007FF8612E0000-0x00007FF8614E9000-memory.dmp

Filesize
2.0MB

Download
memory/2296-17-0x0000000000EB0000-0x0000000001456000-memory.dmp

Filesize
5.6MB

Download
memory/2296-20-0x00007FF861384000-0x00007FF861385000-memory.dmp

Filesize
4KB

Download
memory/2296-14-0x0000000002D40000-0x0000000002DFB000-memory.dmp

Filesize
748KB

Download
memory/4324-137-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-120-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-140-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-139-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-138-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-142-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-136-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-133-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-132-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-131-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-130-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-129-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-128-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-126-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-125-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-124-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-123-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-122-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-121-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-141-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-119-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-118-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-117-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-114-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-115-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-113-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-112-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-111-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-135-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-134-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-127-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-116-0x00007FF852560000-0x00007FF852611000-memory.dmp

Filesize
708KB

Download
memory/4324-143-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-144-0x00007FF8554C0000-0x00007FF855562000-memory.dmp

Filesize
648KB

Download
memory/4324-108-0x0000000140000000-0x0000000142AC3000-memory.dmp

Filesize
42.8MB

Download
memory/4324-107-0x0000000140000000-0x0000000142AC3000-memory.dmp

Filesize
42.8MB

Download
memory/4324-106-0x0000000140000000-0x0000000142AC3000-memory.dmp

Filesize
42.8MB

Download
memory/4324-103-0x0000000000840000-0x0000000000842000-memory.dmp

Filesize
8KB

Download
memory/4324-93-0x0000000000C40000-0x0000000000CFB000-memory.dmp

Filesize
748KB

Download
memory/4324-98-0x0000000000C40000-0x0000000000CFB000-memory.dmp

Filesize
748KB

Download