Dropped Files

Name 3e7ab248af0399a4_fyamff.exe
Download Submit file
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\fyamff.exe
Size 73.5KB
Processes 1576 (53997ac8a46f745d_fohbyc.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a46fbaf5607bc2c8fd43abee8dde113d
SHA1 7d77799292d1ff05547dbbd49fe4a1e690e58816
SHA256 3e7ab248af0399a4a5f6a012c88fdd9fe285e1db4983a58fc3d2a1f73d8e8b7a
CRC32 E3852942
ssdeep None
Yara
  • Gandcrab - Gandcrab Payload
  • CrowdStrike_CSIT_18151_01 - This rule detects GandCrab ransomware once it is in an unpacked state.
  • network_http - Communications over HTTP
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.