Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    04-08-2024 09:27

General

  • Target

    fdm_x64_setup.exe

  • Size

    38.5MB

  • MD5

    dded481da831784a00d556a1280c124c

  • SHA1

    48b40f82f66dd678f1c2f4c1298eaae2875f75e6

  • SHA256

    2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7

  • SHA512

    78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd

  • SSDEEP

    786432:jketduUzNdogfpTmDvwLIDH8StVQFkatYPexssk:jkiuUtpTmDvwE78+IHUe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Users\Admin\AppData\Local\Temp\is-PC6JG.tmp\fdm_x64_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PC6JG.tmp\fdm_x64_setup.tmp" /SL5="$40158,39406194,832512,C:\Users\Admin\AppData\Local\Temp\fdm_x64_setup.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2796
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2816

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Discovery

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\is-PC6JG.tmp\fdm_x64_setup.tmp
      Filesize

      3.1MB

      MD5

      60f76f6e78d966f31d9c574c7465899d

      SHA1

      2c231f5a57d294ab2b6c1fc6f7902fb453fbeac7

      SHA256

      ced610b7c01111d289a511d35ada43d94fb4b2537ccfc0317a23e1d3eecd3bf8

      SHA512

      59b67dd82d6f3cee823d7fba1722455c52479413664f816c6756e42bee877ba854844b10c90d22e63b3631e3b8b83dbf35912507b7fedd7fda4f2724888e2cf0

    • memory/2500-0-0x0000000000400000-0x00000000004D8000-memory.dmp
      Filesize

      864KB

    • memory/2500-2-0x0000000000401000-0x00000000004B7000-memory.dmp
      Filesize

      728KB

    • memory/2500-11-0x0000000000400000-0x00000000004D8000-memory.dmp
      Filesize

      864KB

    • memory/2796-8-0x0000000000400000-0x000000000071C000-memory.dmp
      Filesize

      3.1MB

    • memory/2796-9-0x0000000000400000-0x000000000071C000-memory.dmp
      Filesize

      3.1MB