208e039e805b8f6cb75ed4ccb181567cdf5e4e8abf3e288978f93b8066df8490 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

fbi.exe

windows7-x64

7

fbi.exe

windows10-2004-x64

9

Resubmissions

19/08/2024, 01:20

240819-bp4ccawdph 9

19/08/2024, 00:00

240819-aakq1ssdph 9

Sharing

General

Target

fbi.exe
Size

155.0MB
Sample

240819-bp4ccawdph
MD5

de9c00a038d9a28a48436f8e31f29e92
SHA1

54cf3177088d4bf594c5096dbe442e637c44fbe1
SHA256

208e039e805b8f6cb75ed4ccb181567cdf5e4e8abf3e288978f93b8066df8490
SHA512

9145aa89299bd009e613e972c1e2cf14cf841047c572f24c0590cdbc555e0289fdcc0dbb193950efee554399fadac12a91b9200429187287d64e2625d4b95f27
SSDEEP

3145728:2Fg34LBZ13M/tQonZODQZgSSkB05awCHi1dY//1HoQPWEkih7BGth:wEGonksSAi8Rs+/tH7btbu

Score

9^/10

defense_evasion discovery pyinstaller ransomware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fbi.exe

Resource

win7-20240704-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

fbi.exe

Resource

win10v2004-20240802-en

defense_evasion discovery ransomware upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  fbi.exe
- Size
  
  155.0MB
- MD5
  
  de9c00a038d9a28a48436f8e31f29e92
- SHA1
  
  54cf3177088d4bf594c5096dbe442e637c44fbe1
- SHA256
  
  208e039e805b8f6cb75ed4ccb181567cdf5e4e8abf3e288978f93b8066df8490
- SHA512
  
  9145aa89299bd009e613e972c1e2cf14cf841047c572f24c0590cdbc555e0289fdcc0dbb193950efee554399fadac12a91b9200429187287d64e2625d4b95f27
- SSDEEP
  
  3145728:2Fg34LBZ13M/tQonZODQZgSSkB05awCHi1dY//1HoQPWEkih7BGth:wEGonksSAi8Rs+/tH7btbu
Score

9^/10

upx defense_evasion discovery ransomware
- Renames multiple (111) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryransomwareupx

© 2018-2025

Terms | Privacy