0d2aa550e3d4a067756104651411ba28400c760c1c359ea4e0096907a045d3c3

Analysis

max time kernel
120s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
14-05-2024 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fldigi-4.2.05_setup.exe
Size

6.6MB
MD5

2967b3cd5d6e93af3785b03ae64bc977
SHA1

bedb329986179e5a137f25e465a43ddf4b1ea326
SHA256

0d2aa550e3d4a067756104651411ba28400c760c1c359ea4e0096907a045d3c3
SHA512

4928fb757b444864cac44ed8dc370a3f02f306857319fb7c970edc6fa0cf3e72ba4cfdba463b6aff5b962b5601549cc997e411fa8f0b7048bb8c740c3098c2fd
SSDEEP

196608:XLthEjCMvo/df+HGi+8gn1sDyeQHRXNVrBn8wlxKvi:hhEWMva/1n1Xe+RXPrBnflxKa

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

fldigi.exe

pid process

3080 fldigi.exe
Loads dropped DLL 1 IoCs

Processes:

fldigi-4.2.05_setup.exe

pid process

3520 fldigi-4.2.05_setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
3080	fldigi.exe

pid	process
3520	fldigi-4.2.05_setup.exe

Drops file in Program Files directory 12 IoCs

Processes:

fldigi-4.2.05_setup.exe

description	ioc	process
File created	C:\Program Files\Fldigi-4.2.05\locale\ru\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\flarq.exe	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\ca\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\fr\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\it\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\nl\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\pl\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\uninstall.exe	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\fldigi.exe	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\de\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\el\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe
File created	C:\Program Files\Fldigi-4.2.05\locale\es\LC_MESSAGES\fldigi.mo	fldigi-4.2.05_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

fldigi.exe

pid process

3080 fldigi.exe

pid	process
3080	fldigi.exe

C:\Users\Admin\AppData\Local\Temp\fldigi-4.2.05_setup.exe
"C:\Users\Admin\AppData\Local\Temp\fldigi-4.2.05_setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3520

C:\Program Files\Fldigi-4.2.05\fldigi.exe
"C:\Program Files\Fldigi-4.2.05\fldigi.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Fldigi-4.2.05\flarq.exe
Filesize
3.7MB

MD5
de0f20ce958d501c96de056c8ea6cb59

SHA1
add93ebb9b26f4f5a21125d908e35ce077e41e3c

SHA256
24e2762efa001fa46d711d05335a837929593df571a4a11cae665320890a9d18

SHA512
70393810cecf5eab812df2f7f50c34e84ca4781cd97a31261bb42749218a09651d6cfbe6e42fd69d1dffeb9303d9970022465237fa59172beacaf55a6ea83d04

Download Submit
C:\Program Files\Fldigi-4.2.05\fldigi.exe
Filesize
21.5MB

MD5
96756feba7815427ac6d0e0700ea2dea

SHA1
f61095ad03ee9e4fed14ca47235dcef89b77e2a3

SHA256
ea1ed9b4af4a3eb996cfbc72c7f0ac6d6abb41869a8a4824d9e02dc81d84b6b2

SHA512
15505daa7aacb875074029db9f5721a42ccd1dda1e9ab32515673cebda66f253dbf298a249e5804f6abb0897f9a016c91a9e32458f320362bf9db151fd666a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc732E.tmp\System.dll
Filesize
29KB

MD5
26c8a92678f1b970ac2a700bb844c309

SHA1
c821a5980c31b0b35f1505cde836d6769f45e3a3

SHA256
2a7b5d1cab96a5280b0694d0ed54510129626a1ba36a51bd34d546972b7d18b8

SHA512
fba6e371853fd6c27097eb7cce7ffc59d71e4f0a9b5e55de06472d094b70c44a409bd82f39d9a27a814e826ab8468c59e947401a3c3ead1f057cbac236588860

Download Submit
memory/3080-87-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-72-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-73-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-84-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-85-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-86-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-88-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-89-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-90-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3080-91-0x0000000000400000-0x00000000023C5000-memory.dmp

Filesize
31.8MB

Download
memory/3520-37-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download