c333a1fb1507b21e227c297b7a44022bacaafd6dcf002c54611cc07104242492

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 06:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fonedog-ios-toolkit.exe
Size

1.8MB
MD5

bb91d1c94f353d98f2897d5cc16ed431
SHA1

db776232c5d135cc21c99547864380144cb5534d
SHA256

c333a1fb1507b21e227c297b7a44022bacaafd6dcf002c54611cc07104242492
SHA512

0102f6ba4f5e1cc6f60ad9ffc88ad3f605d280261a5b825aa7f23ead8cbed2c4e2fdbc57be1ae31b0b3c91b3c82eafab2c41be485a31d61738c4c46602b9d58e
SSDEEP

49152:WZ66BjSylwL4eTtPfbThmnZjC7CTWKGMPYR1:WLO2wJTNbThmnYbSYR1

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2228	fonedog-ios-toolkit.tmp

Loads dropped DLL 6 IoCs

pid	Process
2908	fonedog-ios-toolkit.exe
2228	fonedog-ios-toolkit.tmp
2228	fonedog-ios-toolkit.tmp
2228	fonedog-ios-toolkit.tmp
2228	fonedog-ios-toolkit.tmp
2228	fonedog-ios-toolkit.tmp

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{9B53745B-7332-4BBF-ABFD-83CECBD748AA}	fonedog-ios-toolkit.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{9B53745B-7332-4BBF-ABFD-83CECBD748AA}\CEIPIdentifier = "07C14687-6AC6-4a0d-BF72-F97765AFDDB7"	fonedog-ios-toolkit.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28
PID 2908 wrote to memory of 2228	2908	fonedog-ios-toolkit.exe	28

C:\Users\Admin\AppData\Local\Temp\fonedog-ios-toolkit.exe
"C:\Users\Admin\AppData\Local\Temp\fonedog-ios-toolkit.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\is-LHFNO.tmp\fonedog-ios-toolkit.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LHFNO.tmp\fonedog-ios-toolkit.tmp" /SL5="$400F8,1334348,166912,C:\Users\Admin\AppData\Local\Temp\fonedog-ios-toolkit.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-4PDR8.tmp\DownloadManager.dll

Filesize
371KB

MD5
ff4ee5e136524609b4f135da1b6e5efd

SHA1
25302caffd66ada3dfc86db58db4c1ed1d760748

SHA256
b94ba346cd557598cac1326eb102cc606b3eeacd26abc597269af7140d57b92e

SHA512
11a1ead4cdf6ba3b5c311d1cc492f73c5846a40b3f195cf9780243976c0cda0f4b9a082527afd026eee63e6df8d9435a1994c6c59d7951bb16884325321ca5f1

Download Submit
\Users\Admin\AppData\Local\Temp\is-4PDR8.tmp\DuiLib_u.dll

Filesize
564KB

MD5
1bfee521dcc0be0a8d17e5399dee5251

SHA1
e39b4df59973b3d36c9720485d1f29c44e363fea

SHA256
6fe485ce1df3032e76cbd75bf04ecadbb8f319d25fb7baced64aabc7ded28982

SHA512
26c6e2cb2d8c66ef3b04c5ca3ed7d44db99e7962ecd69321537138255fdd3f16d5966dfe29d17f8f5ed1e618f368c250e239998293ccc61350b05400a678d82d

Download Submit
\Users\Admin\AppData\Local\Temp\is-4PDR8.tmp\OnlineInstall_u.dll

Filesize
547KB

MD5
463fe0ce5a490df2cc70d8a737246004

SHA1
eaf40fb0c7db7d1eea90d820da0ed949c2c21b44

SHA256
55162c7b0ecbc05518e84d015b6ebe1b431937f687bb98cc63ef48e5fac87efe

SHA512
ed97f76ceb1ef79beac1daaa1a3110e19762639db7621a8a350e2bc6e101203af1dd591278582ff522a4d06635225a9ed0a475414baaa4bcaf1c381f35f3efb0

Download Submit
\Users\Admin\AppData\Local\Temp\is-4PDR8.tmp\libcurl.dll

Filesize
417KB

MD5
bd2df6210b137f37db811e7884593a94

SHA1
907e1155e6440804909c10e512324f7bdb290874

SHA256
81ab0820bca394ac025c40d02142636c222a6d1921faeae808a8abe5c94145a9

SHA512
f04c2a05182d2ff1c0649e09fbc6a8b9d694e8d1f93ea7a574fb50340d6c66959c69b6359c36cc9bc380f76e5a512c81ebfbfb3a035201f65818ae84657c3673

Download Submit
\Users\Admin\AppData\Local\Temp\is-4PDR8.tmp\zlib1.dll

Filesize
175KB

MD5
4a41af21a70d3af262623ecd1d2fe805

SHA1
a52d66a91abc49392e2c9b1464439d1e2d7e4a42

SHA256
3724caf44fe477a8b98d174d83d0fb8102fda70809640f45bac22cdc2698a478

SHA512
fe98d3274b08eda8563e3b1b2cb4f7e457ac1bbbbe09c164fef2e4adcabc6e44afca8724d77ac97259edd4d81db37182ed26325c43d44693d1140d85e2fdf432

Download Submit
\Users\Admin\AppData\Local\Temp\is-LHFNO.tmp\fonedog-ios-toolkit.tmp

Filesize
1.5MB

MD5
033dcd28ef17a115265b0bd1e523410e

SHA1
8072532eab7399db8589f06f1bac13d715292aa5

SHA256
bf896621fed068b52beb9855542972820453ff43c326ad837183bce6ebbe6bc9

SHA512
5f6b232cc7f181017bed2fb9dff0cb05d2e37d66c021b4120cb15266a0c5a5ca3c4b6992d6b3999260dc9a368d1b3e240171f1cc23dc4d0ee2ebe4866ac3dce3

Download Submit
memory/2228-9-0x0000000000400000-0x0000000000585000-memory.dmp

Filesize
1.5MB

Download
memory/2228-155-0x0000000000400000-0x0000000000585000-memory.dmp

Filesize
1.5MB

Download
memory/2908-2-0x0000000000401000-0x0000000000418000-memory.dmp

Filesize
92KB

Download
memory/2908-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2908-154-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads