Analysis

  • max time kernel
    93s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/09/2024, 13:10

General

  • Target

    FX20GM/lpk.dll

  • Size

    45KB

  • MD5

    162f79fe4179ef30d72c5c0bdb55958c

  • SHA1

    311a48bab53428b7e04edf252f978672411ec634

  • SHA256

    013483068f0a2108099a073933013824ebfce5173c36bf812afa27a2853bd601

  • SHA512

    0a71a3358cadb21ac976349d5076ec317634b87455e17d82658a2b5781726bc615bd93779a169e1e9688e6d27a2d47a853417f0276d7528eef91df2e98deace5

  • SSDEEP

    768:zojY9Pw68uUCS77GhGLhLpms1RPo9yHHojY9P:Gm46BS7LL18Uo9yHSm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\FX20GM\lpk.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\FX20GM\lpk.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4240
      • C:\Users\Admin\AppData\Local\Temp\hrl6169.tmp
        C:\Users\Admin\AppData\Local\Temp\hrl6169.tmp
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:4788
  • C:\Windows\SysWOW64\skwigk.exe
    C:\Windows\SysWOW64\skwigk.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:3620
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 12
          3⤵
          • Program crash
          PID:4004
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3620 -ip 3620
      1⤵
        PID:976
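The tree above records a chain worth reading as a whole: the 64-bit rundll32.exe loads lpk.dll export #1 from %TEMP% and spawns the SysWOW64 rundll32.exe, which drops and runs hrl6169.tmp; a copy planted as C:\Windows\SysWOW64\skwigk.exe then starts svchost.exe with no arguments, hits SetThreadContext and WriteProcessMemory against it, and that child dies into WerFault. The two memory dumps in the Downloads list cover the same 0x400000-0x40D000 range in hrl6169.tmp (PID 4788) and in svchost.exe (PID 3620). The script below is an added example and is not part of the sandbox report: it re-encodes the PIDs, command lines, signature hits and dump names from this page as constructed records and runs the checks a triage analyst would apply to them. The function names and the "svchost.exe with no -k group" heuristic are my own.

```python
"""Review the lpk.dll process tree for the indicators the report lists.

Added example; the records are constructed from the PIDs, command lines,
signature hits and dump names on the report page, not pulled from any API.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int | None          # None: a root of the report's process tree
    image: str
    cmdline: str
    sigs: frozenset[str]      # signature names as the report prints them


def P(pid, ppid, image, cmdline, *sigs):
    return Proc(pid, ppid, image, cmdline, frozenset(sigs))


TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed from the "Processes" section of the report.
PROCS = [
    P(2204, None, r"C:\Windows\system32\rundll32.exe",
      rf"rundll32.exe {TEMP}\FX20GM\lpk.dll,#1", "WriteProcessMemory"),
    P(4240, 2204, r"C:\Windows\SysWOW64\rundll32.exe",
      rf"rundll32.exe {TEMP}\FX20GM\lpk.dll,#1", "WriteProcessMemory"),
    P(4788, 4240, rf"{TEMP}\hrl6169.tmp", rf"{TEMP}\hrl6169.tmp",
      "Executes dropped EXE", "Drops file in System32 directory"),
    P(2480, None, r"C:\Windows\SysWOW64\skwigk.exe", r"C:\Windows\SysWOW64\skwigk.exe",
      "Executes dropped EXE", "SetThreadContext", "WriteProcessMemory"),
    P(3620, 2480, r"C:\Windows\SysWOW64\svchost.exe", "svchost.exe"),
    P(4004, 3620, r"C:\Windows\SysWOW64\WerFault.exe",
      r"C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 12", "Program crash"),
    P(976, None, r"C:\Windows\SysWOW64\WerFault.exe",
      r"C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3620 -ip 3620"),
]

# Constructed from the "Downloads" section (the two memory dumps).
DUMPS = [
    "memory/3620-7-0x0000000000400000-0x000000000040D000-memory.dmp",
    "memory/4788-8-0x0000000000400000-0x000000000040D000-memory.dmp",
]

RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>.+?),(?P<export>#?\w+)$", re.I)
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<lo>[0-9a-f]+)-0x(?P<hi>[0-9a-f]+)-memory\.dmp", re.I)
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public")


def rundll32_loads_user_dll(procs):
    """PIDs where rundll32 is told to load a DLL from a user-writable directory."""
    hits = []
    for p in procs:
        m = RUNDLL_RE.search(p.cmdline)
        if m and any(d in m["dll"].lower() for d in USER_WRITABLE):
            hits.append(p.pid)
    return hits


def dropped_binaries_in_windows_dir(procs):
    """Images the sandbox flagged as dropped EXEs that run from under C:\\Windows."""
    return [p.image for p in procs
            if "Executes dropped EXE" in p.sigs
            and p.image.lower().startswith("c:\\windows\\")]


def hollowing_candidates(procs):
    """(parent, child, crashed) where the parent hit SetThreadContext and
    WriteProcessMemory and the child is a system binary started with a bare
    command line. A genuine svchost.exe is started by services.exe with
    -k <group>; an argument-less one is a hollowing host. A WerFault -p for
    that child means the injected image faulted (the report's 'Program crash')."""
    out = []
    for p in procs:
        if not {"SetThreadContext", "WriteProcessMemory"} <= p.sigs:
            continue
        for c in procs:
            if c.ppid != p.pid:
                continue
            bare = c.cmdline.strip().lower() == c.image.rsplit("\\", 1)[-1].lower()
            crashed = any(re.search(rf"-p {c.pid}\b", w.cmdline)
                          for w in procs if w.image.lower().endswith("werfault.exe"))
            if bare:
                out.append((p.pid, c.pid, crashed))
    return out


def shared_image_regions(dumps):
    """Dump ranges that appear in more than one PID. The same base and size
    in the dropped file's own process and in the svchost child is the
    hollowed image showing up twice."""
    by_range = {}
    for d in dumps:
        m = DUMP_RE.match(d)
        lo, hi = int(m["lo"], 16), int(m["hi"], 16)
        by_range.setdefault((lo, hi), []).append(int(m["pid"]))
    return {f"0x{lo:x}-0x{hi:x} ({(hi - lo) // 1024}KB)": pids
            for (lo, hi), pids in by_range.items() if len(pids) > 1}


if __name__ == "__main__":
    print("rundll32 with user-writable DLL:", rundll32_loads_user_dll(PROCS))
    print("dropped EXE under C:\\Windows:   ", dropped_binaries_in_windows_dir(PROCS))
    print("hollowing (parent, child, crash):", hollowing_candidates(PROCS))
    print("region shared across PIDs:       ", shared_image_regions(DUMPS))
```

The same four checks map directly onto endpoint telemetry (Sysmon event 1 for the rundll32 command line and the bare svchost.exe, event 11 for the write into SysWOW64, event 8/10 or an EDR's thread-context sensor for the SetThreadContext step); the point of running them on the sandbox tree first is to confirm which parts of the chain your logging can actually see.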

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hrl6169.tmp

    Filesize

    38KB

    MD5

    7f0d34d040b495d00901ef4d34bd67d4

    SHA1

    d776c1703723dcee77c1ea8a33de6aff9273fe03

    SHA256

    953069a5332c058224df36634c8e887557a0d6e023bb2bbeda32bf054fe63d6f

    SHA512

    8f1da9ef9d3ecf8a319eb0e9568b61b45599be7b8b85f6d5a40783546db5688d5c8e6475a4e3a88088c6be004822d08d5a5a938592bf7a85c77067688b781106

  • memory/3620-7-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/4788-8-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB