0e7187f0168fe8130421944f5f70b3f0b7d799d3fd9c3156c14581577225311d | Triage

Resubmissions

18/09/2024, 18:59

240918-xm5y2sxfpf 3

18/09/2024, 18:58

240918-xmx87sybkk 3

Analysis

max time kernel
17s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 18:59

Sharing

Report Analysis Logs

General

Target

FTA RansomWare _v1.exe
Size

934KB
MD5

76ee57540d780003d7d4703245866b01
SHA1

6ed6e61f936f93b7bf65c6ed3c78bbdff1dcaf90
SHA256

0e7187f0168fe8130421944f5f70b3f0b7d799d3fd9c3156c14581577225311d
SHA512

ab1f736c7b4456d1900169d66358467e8ef2ce64c86ea8d29d7faea905bbaa2b5526396dc804b8ad62b682bfbac82463db9143d88e4efefecf66915c225358b9
SSDEEP

12288:AaNB7Xct1stAoNygITuCdvs5yY75qbJ/ymOZFbMqcuJPE2TYgJay:XdXck1byY75qFaRZx5Ye

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1376	1092	cmd.exe	101
PID 1092 wrote to memory of 1376	1092	cmd.exe	101
PID 1092 wrote to memory of 4752	1092	cmd.exe	104
PID 1092 wrote to memory of 4752	1092	cmd.exe	104
PID 1092 wrote to memory of 2288	1092	cmd.exe	107
PID 1092 wrote to memory of 2288	1092	cmd.exe	107

C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe
"C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe"
1⤵
PID:1836

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe
  "FTA RansomWare _v1.exe"
  2⤵
  PID:1376
- C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe
  "FTA RansomWare _v1.exe"
  2⤵
  PID:4752
- C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe
  "FTA RansomWare _v1.exe"
  2⤵
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads