Overview

overview

8

Static

static

1

fdm_x64_setup.exe

windows7-x64

8

fdm_x64_setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    161s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2023 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdm_x64_setup.exe

  • Size

    34.5MB

  • MD5

    91ab36bcc69e3943521a56c8f67f702d

  • SHA1

    930d2b240f2f42528968e6d267b7adc5cb26f543

  • SHA256

    30adf5e886ddba24057585e8324a2d6d7ef2dcb9205542fa73c9c5e6356484ce

  • SHA512

    3797fb9838d249d5abe6eedf5a57c435fc29f33d9a5e66899a647d010f7bc40ebfcef0e3c655be6b182ee801ed4e58ea0a63335328208e98e907c3e7fef4ca63

  • SSDEEP

    786432:XYTLmlYzKwmWt+6U8FBRjJFnNHTbDk4lnIvA020WashoZO5wjf1GZ1v6oDovC:ITs+VmWt+7CBRjJl5vzIvAZ0WashkJj+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Users\Admin\AppData\Local\Temp\is-NSLOJ.tmp\fdm_x64_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NSLOJ.tmp\fdm_x64_setup.tmp" /SL5="$60234,35194903,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
      2⤵
      • Executes dropped EXE
      PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-NSLOJ.tmp\fdm_x64_setup.tmp
    Filesize

    3.1MB

    MD5

    469f8b8ceb47b9dec9b96ffbd546eaee

    SHA1

    5d50f989a5bc723082e36faa3c92c1b345dc652c

    SHA256

    0dfca7cda207bece9c96bef8b45a580625828ad212a6879bf98147e2194d8661

    SHA512

    f36763dca1f7c242ae6e7e9355c4896df714f250a5050cbf3b05b5a8981082d27fb2406b1f59ac604b3ef271bad7a4d9e722e2dbcf4474dc97b1af81466e6b1f

    Download Submit

  • memory/1192-6-0x0000000000A40000-0x0000000000A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1192-8-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4448-1-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4448-7-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download