38e3439acc61a4cccde272a5aa3dfc3291e82c7967db9bc040e2336f2bc4b1a7

Analysis

max time kernel
321s
max time network
321s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FireDaemonPro.4.0.6/FireDaemon-Pro-x64-4.0.68.exe
Size

32.9MB
MD5

1fb7bc200e2015fd749605e8cc9b70e1
SHA1

47860f259e5711b8235681849441a5a5fa698e67
SHA256

b76c6dbff614ff0375bd66789b2b5f694b3e6a9e082211331dfc3be47b1fe279
SHA512

f0cdc7b8b01b9b96a4d1f0c08ec231250a350dc411eefe67d0546d89cb1be5fa379a2d9e8aa46bb8864584a9114d5ca13f1e5836c2066cfb0b41eabed9c6e7c1
SSDEEP

786432:VnkiJzIqsDRVMP4zBmgkWALsEycCmudWiNIklf7S:VkiJzIq3P4zBmgkWVuC4KIR

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2544	FireDaemon-Pro-x64-4.0.68.exe

Loads dropped DLL 1 IoCs

pid	Process
1796	FireDaemon-Pro-x64-4.0.68.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26
PID 1796 wrote to memory of 2544	1796	FireDaemon-Pro-x64-4.0.68.exe	26

C:\Users\Admin\AppData\Local\Temp\FireDaemonPro.4.0.6\FireDaemon-Pro-x64-4.0.68.exe
"C:\Users\Admin\AppData\Local\Temp\FireDaemonPro.4.0.6\FireDaemon-Pro-x64-4.0.68.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\FireDaemon-Pro-x64-4.0.68.exe
  C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\FireDaemon-Pro-x64-4.0.68.exe /q"C:\Users\Admin\AppData\Local\Temp\FireDaemonPro.4.0.6\FireDaemon-Pro-x64-4.0.68.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}" /IS_temp
  2⤵
  - Executes dropped EXE
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\issB1D4.tmp

Filesize
2.5MB

MD5
73d623b13eddbb804e619ec9bf69ee2a

SHA1
587cf4cb7f8946d5d79e7dc8df1076beb14081d6

SHA256
cc9798f900a0c9b6b48c5c723b352a12987bb16efc950422c1be447ddd306db9

SHA512
5b93eb2457735d655745930d7fd9bd13ff47dd8ae3df6c17802c9c907b5a907b6a2c9743e857009d11166e2a15b0e2f9a052a69404abb2deaa34983424842382

Download Submit
C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\0x0409.ini

Filesize
21KB

MD5
a108f0030a2cda00405281014f897241

SHA1
d112325fa45664272b08ef5e8ff8c85382ebb991

SHA256
8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948

SHA512
d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

Download Submit
C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\FireDaemon-Pro-x64-4.0.68.exe

Filesize
32.9MB

MD5
1fb7bc200e2015fd749605e8cc9b70e1

SHA1
47860f259e5711b8235681849441a5a5fa698e67

SHA256
b76c6dbff614ff0375bd66789b2b5f694b3e6a9e082211331dfc3be47b1fe279

SHA512
f0cdc7b8b01b9b96a4d1f0c08ec231250a350dc411eefe67d0546d89cb1be5fa379a2d9e8aa46bb8864584a9114d5ca13f1e5836c2066cfb0b41eabed9c6e7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\FireDaemon-Pro-x64-4.0.68.exe

Filesize
32.9MB

MD5
1fb7bc200e2015fd749605e8cc9b70e1

SHA1
47860f259e5711b8235681849441a5a5fa698e67

SHA256
b76c6dbff614ff0375bd66789b2b5f694b3e6a9e082211331dfc3be47b1fe279

SHA512
f0cdc7b8b01b9b96a4d1f0c08ec231250a350dc411eefe67d0546d89cb1be5fa379a2d9e8aa46bb8864584a9114d5ca13f1e5836c2066cfb0b41eabed9c6e7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\_ISMSIDEL.INI

Filesize
672B

MD5
4dbc6e5e5f9bec684f638b2fd674fec0

SHA1
b69da716cd150b4477402ba414170b5aa07d0b29

SHA256
6d644a9a78d845eeb66117cdee38b7efdbe009cfa8e01ca415cccaecf318ba00

SHA512
7098b3f63009fb1a163a21c84bcc5fa9e9d2005fe034769d288fe02cc56ab6f590c3f7c8bc87210d7f105ad4d1e339f49a5998aa5db7a08c425cd733c4f707d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~1F65.tmp

Filesize
5KB

MD5
732ba3e4def4bc8865c93bb178c3097c

SHA1
6b3cda78d589c0c691cb91d5dee39f59b8e50998

SHA256
dbeb2635aadb313cb5a1c607d5fe31734fd378c6e146f84fdf174a6798aace9d

SHA512
83474363f232ef7723ef72f50767444b788ee25c14b6f2f3df83502dc569dc94f6e9d44f24bfa572b90172dbd35a4e81673add6a9021ed9eb1af876dcce07ce9

Download Submit
\Users\Admin\AppData\Local\Temp\{32B1F704-D711-4027-B765-6324D3A8ADF7}\FireDaemon-Pro-x64-4.0.68.exe

Filesize
32.9MB

MD5
1fb7bc200e2015fd749605e8cc9b70e1

SHA1
47860f259e5711b8235681849441a5a5fa698e67

SHA256
b76c6dbff614ff0375bd66789b2b5f694b3e6a9e082211331dfc3be47b1fe279

SHA512
f0cdc7b8b01b9b96a4d1f0c08ec231250a350dc411eefe67d0546d89cb1be5fa379a2d9e8aa46bb8864584a9114d5ca13f1e5836c2066cfb0b41eabed9c6e7c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads