Fanxiang SSD S770 firmware Version 3.W.J.1t
- kirill_deadless
-
- Не в сети
- Newbie
-
Enregistré
- Сообщений: 1
- Thanks: 0
- Tom
-
- Ушел
- The Best Poster
-
Enregistré
- Сообщений: 249
- Thanks: 338
- supermag
-
- Не в сети
- Newbie
-
Enregistré
- Сообщений: 1
- Thanks: 0
- pinopapi
-
- Не в сети
- Newbie
-
Enregistré
- Сообщений: 1
- Thanks: 1
Re: Fanxiang SSD S770 firmware Version 3.W.J.1t
6 мес. 2 дн. назад - 6 мес. 2 дн. назад
Recently ran into issues with this drive. Using anyrun for analysis since im feeling lazy to do it myself. Here are some screenshots and information regarding the analysis. DONT RUN IT.
So far I havent found a solution to getting my drive back. It simply disappeared one day after running into boot issues. I cant get to the legit drivers or this company sells SSD's to get malware out from their website. Or there is a common case of a watering hole attack.
Public anyrun analysis: app.any.run/tasks/d27d282c-d931-409f-9642-b3175b851c5a
Analysis:
This task involves the execution of an executable file named "SSDmanagement_1.0.35.exe" located in the user's temporary folder. The executable file is launched by the "cmd.exe" process, which is a common command-line interpreter in Windows. The executable file is then used to extract the contents of another file, "~9204951028391987741~.tmp", using the 7zG.exe utility.
Legitimate programs may use the command-line interpreter to execute other programs or scripts. In this case, the executable file "SSDmanagement_1.0.35.exe" may be a legitimate program that performs some specific function related to SSD management. The extraction of contents from the temporary file using the 7zG.exe utility could be a normal behavior for a program that needs to extract or decompress files.
However, the use of a temporary file and the execution of an executable file from the user's temporary folder can also be indicative of malicious behavior. Malware often uses temporary files to hide its presence or to store malicious payloads. The execution of an executable file from the temporary folder can be a way for malware to evade detection or to bypass security measures. Therefore, further analysis is needed to determine if this behavior is part of a legitimate program or if it is indicative of malicious activity.
So far I havent found a solution to getting my drive back. It simply disappeared one day after running into boot issues. I cant get to the legit drivers or this company sells SSD's to get malware out from their website. Or there is a common case of a watering hole attack.
Public anyrun analysis: app.any.run/tasks/d27d282c-d931-409f-9642-b3175b851c5a
Analysis:
This task involves the execution of an executable file named "SSDmanagement_1.0.35.exe" located in the user's temporary folder. The executable file is launched by the "cmd.exe" process, which is a common command-line interpreter in Windows. The executable file is then used to extract the contents of another file, "~9204951028391987741~.tmp", using the 7zG.exe utility.
Legitimate programs may use the command-line interpreter to execute other programs or scripts. In this case, the executable file "SSDmanagement_1.0.35.exe" may be a legitimate program that performs some specific function related to SSD management. The extraction of contents from the temporary file using the 7zG.exe utility could be a normal behavior for a program that needs to extract or decompress files.
However, the use of a temporary file and the execution of an executable file from the user's temporary folder can also be indicative of malicious behavior. Malware often uses temporary files to hide its presence or to store malicious payloads. The execution of an executable file from the temporary folder can be a way for malware to evade detection or to bypass security measures. Therefore, further analysis is needed to determine if this behavior is part of a legitimate program or if it is indicative of malicious activity.
Последнее редактирование: 6 мес. 2 дн. назад пользователем pinopapi.
Пожалуйста Войти или Регистрация, чтобы присоединиться к беседе.
- sdefrwggerg
-
- Не в сети
- regular poster
-
Enregistré
- Сообщений: 32
- Thanks: 21