Resubmissions

24-07-2024 20:14

240724-y1a69sxfnb 8

Analysis

  • max time kernel
    118s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    24-07-2024 20:14

General

  • Target

    FastReporter3_64_Bit/setup.exe

  • Size

    151.5MB

  • MD5

    ed35731f91fa9f827c03c8c247f3b69b

  • SHA1

    04ac0c3cb70b498318425654bffed8125785441b

  • SHA256

    9e86b6b9c86e0d3b50efbe26d81fc79b415227aa02fc1d59b1290f058d63711e

  • SHA512

    098704f2ca0f28653e8c0bc8cfad06cafc90811fc01775b58ed98c20fc7809254a833279db5f4158bd55900cefc084be5ea0c07e7233755c4cae8e0ca555cf51

  • SSDEEP

    3145728:4FKJ9voALH/20d1sb5AC38ylojtuaGL10KbX+za8:PzvBLfhalRoc710KbOG8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe
      C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\setup.exe /q"C:\Users\Admin\AppData\Local\Temp\FastReporter3_64_Bit\setup.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}" /IS_temp
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\0x0409.ini

    Filesize

    21KB

    MD5

    a108f0030a2cda00405281014f897241

    SHA1

    d112325fa45664272b08ef5e8ff8c85382ebb991

    SHA256

    8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948

    SHA512

    d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

  • C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\Setup.INI

    Filesize

    5KB

    MD5

    8efeb9239e2d0474bbd5b3017a056886

    SHA1

    74e594d14bfde28c9722ac29888f0138682a4a88

    SHA256

    e28e1a2ff079398438083f96eaa4bd30f2fe3169d4d19ba578a4c179e800b1d0

    SHA512

    7a965db7d3c250d7b6578230933c60b6034cdf93ed382c780eebee2cf08f08049cdb2ef7a7640da7a0cdfee6f09766de7e46e81ae4756d19efb0648143e04a09

  • C:\Users\Admin\AppData\Local\Temp\{9573721E-3CEE-499D-9CD0-E0A276039392}\_ISMSIDEL.INI

    Filesize

    592B

    MD5

    e64cadaf2ff4c4335b15adc269127b33

    SHA1

    f00d0481fea815a4b1e96b5d1feee53c343ad321

    SHA256

    f1b87fe890b69a6a7bcb6aa8e383eadb56fa3e61f3b91bcc0d831cc99769965c

    SHA512

    d84ed1bcbb05e491628419b794f5297e04c171946e40edc84c99a4561879894515e369b2ac4eb679bddd5f5d9d87d242c26743c1eb57763dd1c73e3fcbb5c155