2799c417fb8911fb2b1e7d68248bb8adadf827754b74de5903a622c6993a138a

Analysis

max time kernel
36s
max time network
39s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/02/2025, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FPilot.exe
Size

1.8MB
MD5

8c4dbebe326da4d66d52708ac5d8b82f
SHA1

3e0de4c535d214b56e0dc60cebe22b1c6f19ab36
SHA256

2799c417fb8911fb2b1e7d68248bb8adadf827754b74de5903a622c6993a138a
SHA512

23d284301a2febd4edc0d91ce2cfcbacabb114bb27bed4387fa3db08c1d5d971434f35c1f1b7390ef6deb6a5355c9fc27401d34ef55158de688587b99b64dacd
SSDEEP

24576:q2mUId/VEO2+fUZUjXZWn27lIrItIdIpMIB2hHfXSqUCOFGLat4WX6IwS7wZU:qoIFVEZULYFPSqGI44WX6Iwmv

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	FPilot.exe

C:\Users\Admin\AppData\Local\Temp\FPilot.exe
"C:\Users\Admin\AppData\Local\Temp\FPilot.exe"
1⤵
- Enumerates connected drives
PID:2036

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2264

C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe"
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads