Overview

overview

10

Static

static

4

#Pa$$w0rD_...#$.zip

windows7-x64

10

#Pa$$w0rD_...#$.zip

windows10-2004-x64

1

#Pa$$w0rD_...p#$.7z

windows7-x64

1

#Pa$$w0rD_...p#$.7z

windows10-2004-x64

1

Resources/...w.phpt

windows7-x64

3

Resources/...w.phpt

windows10-2004-x64

3

Resources/...1.phpt

windows7-x64

3

Resources/...1.phpt

windows10-2004-x64

3

Resources/...8.phpt

windows7-x64

3

Resources/...8.phpt

windows10-2004-x64

3

Resources/...g.phpt

windows7-x64

3

Resources/...g.phpt

windows10-2004-x64

3

Resources/...007.js

windows7-x64

3

Resources/...007.js

windows10-2004-x64

3

Resources/...3.phpt

windows7-x64

3

Resources/...3.phpt

windows10-2004-x64

3

Resources/...007.js

windows7-x64

3

Resources/...007.js

windows10-2004-x64

3

Resources/...4.phpt

windows7-x64

3

Resources/...4.phpt

windows10-2004-x64

3

Resources/...01.ps1

windows7-x64

3

Resources/...01.ps1

windows10-2004-x64

3

Resources/...oard.h

windows7-x64

3

Resources/...oard.h

windows10-2004-x64

3

Resources/...6.phpt

windows7-x64

3

Resources/...6.phpt

windows10-2004-x64

3

Resources/...8.phpt

windows7-x64

3

Resources/...8.phpt

windows10-2004-x64

3

Resources/...1.phpt

windows7-x64

3

Resources/...1.phpt

windows10-2004-x64

3

Resources/...6/htwj

windows7-x64

1

Resources/...6/htwj

windows10-2004-x64

1

Resubmissions

06-01-2025 08:53

250106-ktfaravkfl 5

06-01-2025 08:49

250106-kreansskgv 10

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2025 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Resources/Data/x64/x86/fpm_scoreboard.h

  • Size

    3KB

  • MD5

    604bbea166975472c09ca3ecaeb2ed91

  • SHA1

    be0587b54393050203692c5236eab204e82ab6ac

  • SHA256

    cc2aeed6f2e108f12d47d1409c6fcf53b6749534e435ef8622234335f3c21558

  • SHA512

    c5a4b221ba4591812c4fd02eab6bbb5db78ca90cdd779b76ba70f4efbb1c650ed9b6fee91c8ac883b6c4f98bdf62735131717c6eaa5f1c608953020953c9528e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Resources\Data\x64\x86\fpm_scoreboard.h
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Resources\Data\x64\x86\fpm_scoreboard.h
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Resources\Data\x64\x86\fpm_scoreboard.h
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads