Analysis

  • max time kernel
    0s
  • max time network
    116s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10-20231215-en locale:en-us os:windows10-1703-x64 system
  • submitted
    08-01-2024 06:52

General

  • Target

    iFOBS.pdb

  • Size

    53KB

  • MD5

    a862a1180df3da3f2f35a5464c9b5883

  • SHA1

    89bbb4574f20d74976661f07081630b202dd7b9a

  • SHA256

    65709c853dc766b1f497777248bdd6a733e9eb6fcd99e7355fd84008e2c96d93

  • SHA512

    1e67a2527124c298d5cc542c9ab760de758b69af5a0e56d986ce2529964883bdf257d9f5a803066d3750c5d420058861c6e081ff40ad3f883ada39ff44c9d385

  • SSDEEP

    768:ckVG+tExLPn7++KqpOUm1CDIB4U1dyhJ0Trr8nTm:YO5kIBj1dy/krr8Tm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\iFOBS.pdb
    1⤵
      PID:5096
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
        PID:4092
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\iFOBS.pdb
          2⤵
          • Opens file in notepad (likely ransom note)
          PID:4248

Network

MITRE ATT&CK Enterprise v15
