Overview

overview

7

Static

static

1

fdm_x64_setup.exe

windows7-x64

7

fdm_x64_setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27/01/2024, 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdm_x64_setup.exe

  • Size

    41.2MB

  • MD5

    2dffb2a3f68ce9b506f4aa14ceaf433a

  • SHA1

    5d0008687f2bfecbeca68279cbbfbb9791797e36

  • SHA256

    0c4950be3e7d765fad2a533a75ee0b4a6541a35220624aadbee3d6ac5434cd36

  • SHA512

    6de3cd0c8e67b4bec40d01ee099bbbf450ba8321a23b515cfe50e7ebd64605a920513cb46fd41bce61fcafc246b1b8d27a60c31db56bf182d727cf362c770976

  • SSDEEP

    786432:JmUBy8Nm0t6A4md+ipMJ1sIa/ZpsV29K61cIXhjzpFzrPHyA:9yJb+dyJyI0ZCi1c8hP3zr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Users\Admin\AppData\Local\Temp\is-UF9NO.tmp\fdm_x64_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-UF9NO.tmp\fdm_x64_setup.tmp" /SL5="$70124,42260626,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-UF9NO.tmp\fdm_x64_setup.tmp
    Filesize

    3.1MB

    MD5

    f1721288ae36ec36e6c843d422a060d6

    SHA1

    8d7dc264b9f6da3f43cbb57b4359ec395964a1f5

    SHA256

    8e5d5fd3b9c9a29b279c7777c752b1620570077f47b96fa89f7886584ecea1f0

    SHA512

    977221fde9b11f717d585a2ed2e24dffe5684b1114db39f64baa6d51557585410b770dd80c46ba5c2dd3261277ea3dca74edb81435b93d123380e4907dcc680d

    Download Submit

  • memory/3052-1-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3052-10-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3060-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-9-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-11-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3060-14-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download