Analysis

  • max time kernel
    143s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 07:32

General

  • Target

    fdm_x64_setup.exe

  • Size

    38.5MB

  • MD5

    dded481da831784a00d556a1280c124c

  • SHA1

    48b40f82f66dd678f1c2f4c1298eaae2875f75e6

  • SHA256

    2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7

  • SHA512

    78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd

  • SSDEEP

    786432:jketduUzNdogfpTmDvwLIDH8StVQFkatYPexssk:jkiuUtpTmDvwE78+IHUe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Users\Admin\AppData\Local\Temp\is-S28FF.tmp\fdm_x64_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-S28FF.tmp\fdm_x64_setup.tmp" /SL5="$40216,39406194,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-S28FF.tmp\fdm_x64_setup.tmp

    Filesize

    3.1MB

    MD5

    60f76f6e78d966f31d9c574c7465899d

    SHA1

    2c231f5a57d294ab2b6c1fc6f7902fb453fbeac7

    SHA256

    ced610b7c01111d289a511d35ada43d94fb4b2537ccfc0317a23e1d3eecd3bf8

    SHA512

    59b67dd82d6f3cee823d7fba1722455c52479413664f816c6756e42bee877ba854844b10c90d22e63b3631e3b8b83dbf35912507b7fedd7fda4f2724888e2cf0

  • memory/604-8-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

  • memory/604-9-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

  • memory/2948-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

  • memory/2948-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

  • memory/2948-10-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB