Analysis
max time kernel: 145s
max time network: 201s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 18:16 UTC
Static task: static1
Behavioral task: behavioral1, Sample: FL64 (scaled).exe, Resource: win7-20240220-en
Behavioral task: behavioral2, Sample: FL64 (scaled).exe, Resource: win10v2004-20240426-en
Behavioral task: behavioral3, Sample: FL64.exe, Resource: win7-20240508-en
Behavioral task: behavioral4, Sample: FL64.exe, Resource: win10v2004-20240426-en
Behavioral task: behavioral5, Sample: FLEngine_x64.dll, Resource: win7-20240221-en
Behavioral task: behavioral6, Sample: FLEngine_x64.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral7, Sample: FLEngine_x64_Copy1.dll, Resource: win7-20240221-en
Behavioral task: behavioral8, Sample: FLEngine_x64_Copy1.dll, Resource: win10v2004-20240426-en
Behavioral task: behavioral9, Sample: FLEngine_x64_Copy2.dll, Resource: win7-20240220-en
Behavioral task: behavioral10, Sample: FLEngine_x64_Copy2.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral11, Sample: FLEngine_x64_Copy3.dll, Resource: win7-20240508-en
Behavioral task: behavioral12, Sample: FLEngine_x64_Copy3.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral13, Sample: FLEngine_x64_Copy4.dll, Resource: win7-20240221-en
Behavioral task: behavioral14, Sample: FLEngine_x64_Copy4.dll, Resource: win10v2004-20240426-en
Behavioral task: behavioral15, Sample: FLEngine_x64_Copy5.dll, Resource: win7-20240221-en
Behavioral task: behavioral16, Sample: FLEngine_x64_Copy5.dll, Resource: win10v2004-20240508-en
General
Target: FLEngine_x64_Copy5.dll
Size: 63.3MB
MD5: 06bb6dde5c9adbac93470ed86ce7d5ff
SHA1: 46fc43590d6d4c4f04f23ab0eb6f8f602e7e731a
SHA256: 2a44a8af200c4ee36de4b0f91471ffca82ce25e0fe90401d64a9d4c01b9f9525
SHA512: 5399dbdf1c523ae86956b3a774996cbe0276fb1ca08919564f7669e8cb695711dc9830cbf751cf4479d2bb08f982193c22e00a8be34c5466c9567287a45d8c23
SSDEEP: 786432:iJfMakY21meWZcB9fM/4F+cJ/HKYVVCmS0fkrw632FfsjA2E27Dy:ek+W/FRsYVV0/rVmEE2h7+
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
pid     Process
2104    rundll32.exe
2104    rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid     Process
2104    rundll32.exe
2104    rundll32.exe
Processes
Network