3ec8bc64f586979417849f0ff2dcd849f30eeece2bd106c1526960e26327d359

Analysis

max time kernel
1738s
max time network
1749s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
25-06-2024 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FurMark_win64/credits.txt
Size

1KB
MD5

27898c7250b704d244b9d1594847cf7b
SHA1

98410172058ad697f15eebd9bc5fa5f7fd897b5d
SHA256

78a79f36dfea284268e5c0371c26430932e58247550e00472921daf6a272e23a
SHA512

ce498f83077dde95106d0458c1ae668a4404134696804a18a0bc0fa90298e841dc25be7e1c084d36717290037ea700d95a662035954c7c5f4dfd66953ba9c3ca

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2440	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 2440	244	cmd.exe	79
PID 244 wrote to memory of 2440	244	cmd.exe	79

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FurMark_win64\credits.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:244
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\FurMark_win64\credits.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads