Resubmissions

  • 24-03-2023 17:54
    230324-whbnzagd42 6
  • 24-03-2023 17:51
    230324-wfeb3sgd26 6

Analysis

  • max time kernel: 145s
  • max time network: 151s
  • platform: windows10-1703_x64
  • resource: win10-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 24-03-2023 17:54

General

  • Target: FMod_Launcher (1).exe
  • Size: 1.6MB
  • MD5: dbcd36d12a22f43052c7b1c4f795e533
  • SHA1: 1ac35d781d8c8e495ec46249451558f758ce3d41
  • SHA256: 11b3cfe00741aecc278e6ef0da367f4ac1ac1c7463c6d616f3f6b9e5339929a2
  • SHA512: 67f52702c283246dfdceb3281aad9fc9d539b7883544cf825e9dcee738facdeba544b31fbe3cbd04cbc57a2a7a2662cd1b713979414b1aa4489b01dce2388314
  • SSDEEP: 49152:SrgBWBKH8jkDVFCNXODzWS9HfX0Hj7FMCGJr:b+KH4kpc+DX/0HnFdG

Score: 6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
  • Drops file in Windows directory (1 IoCs)
  • Program crash (1 IoCs)
  • Gathers network information (2 TTPs, 1 IoCs)
    Uses commandline utility to view network configuration.
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\FMod_Launcher (1).exe
    "C:\Users\Admin\AppData\Local\Temp\FMod_Launcher (1).exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2256
  • C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    "C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:3920
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3920 -s 1668
      2⤵
      • Program crash
      PID:4344
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4220
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Windows\system32\ipconfig.exe
        ipconfig
        2⤵
        • Gathers network information
        PID:1128

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/2256-116-0x0000020CC9800000-0x0000020CC9996000-memory.dmp (1.6MB)
  • memory/2256-117-0x0000020CE4030000-0x0000020CE4436000-memory.dmp (4.0MB)
  • memory/2256-118-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-119-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-120-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-121-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-122-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-123-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-124-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-125-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-126-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-127-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-128-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-129-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)
  • memory/2256-130-0x0000020CCB700000-0x0000020CCB710000-memory.dmp (64KB)