Resubmissions
24-07-2024 20:14
Analysis: 240724-y1a69sxfnb (8)
Max time kernel: 118s
Max time network: 137s
Platform: windows7_x64
Resource: win7-20240708-en
Resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
Submitted: 24-07-2024 20:14
Behavioral tasks
behavioral1: FastReporter3_64_Bit/Data1.cab on win7-20240704-en
behavioral2: FastReporter3_64_Bit/Data1.cab on win10v2004-20240709-en
behavioral3: FastReporter3_64_Bit/EXFO FastReporter 3 (64 Bit).msi on win7-20240705-en
behavioral4: FastReporter3_64_Bit/EXFO FastReporter 3 (64 Bit).msi on win10v2004-20240709-en
behavioral5: FastReporter3_64_Bit/setup.exe on win7-20240708-en
behavioral6: FastReporter3_64_Bit/setup.exe on win10v2004-20240709-en
General
Target: FastReporter3_64_Bit/setup.exe
Size: 151.5MB
MD5: ed35731f91fa9f827c03c8c247f3b69b
SHA1: 04ac0c3cb70b498318425654bffed8125785441b
SHA256: 9e86b6b9c86e0d3b50efbe26d81fc79b415227aa02fc1d59b1290f058d63711e
SHA512: 098704f2ca0f28653e8c0bc8cfad06cafc90811fc01775b58ed98c20fc7809254a833279db5f4158bd55900cefc084be5ea0c07e7233755c4cae8e0ca555cf51
SSDEEP: 3145728:4FKJ9voALH/20d1sb5AC38ylojtuaGL10KbX+za8:PzvBLfhalRoc710KbOG8
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  PID 804, setup.exe
Loads dropped DLL (1 IoC)
  PID 2516, setup.exe
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by setup.exe (2 identical entries)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 804, setup.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2516 (setup.exe) wrote to memory of PID 804 (setup.exe), procid_target 31 (7 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe (PID 2516)
   Command line: "C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe"
   - Loads dropped DLL
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe (PID 804)
      Command line: C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe /q"C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}" /IS_temp
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 21KB
  MD5: a108f0030a2cda00405281014f897241
  SHA1: d112325fa45664272b08ef5e8ff8c85382ebb991
  SHA256: 8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948
  SHA512: d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298
File 2
  Filesize: 5KB
  MD5: 8efeb9239e2d0474bbd5b3017a056886
  SHA1: 74e594d14bfde28c9722ac29888f0138682a4a88
  SHA256: e28e1a2ff079398438083f96eaa4bd30f2fe3169d4d19ba578a4c179e800b1d0
  SHA512: 7a965db7d3c250d7b6578230933c60b6034cdf93ed382c780eebee2cf08f08049cdb2ef7a7640da7a0cdfee6f09766de7e46e81ae4756d19efb0648143e04a09
File 3
  Filesize: 592B
  MD5: e64cadaf2ff4c4335b15adc269127b33
  SHA1: f00d0481fea815a4b1e96b5d1feee53c343ad321
  SHA256: f1b87fe890b69a6a7bcb6aa8e383eadb56fa3e61f3b91bcc0d831cc99769965c
  SHA512: d84ed1bcbb05e491628419b794f5297e04c171946e40edc84c99a4561879894515e369b2ac4eb679bddd5f5d9d87d242c26743c1eb57763dd1c73e3fcbb5c155