2a0ce8239387c614b1728bd9ec954e1e9ab985dde87e5976519ee1cfca1ee896

Analysis

max time kernel
116s
max time network
115s
platform
windows10_x64
resource
win10
submitted
12-07-2020 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winosntkrnl.exe
Size

2.1MB
MD5

23959126c21fdda02365352cd3e03d28
SHA1

05a025b6ad3f4b88084624234312767e9402202a
SHA256

2a0ce8239387c614b1728bd9ec954e1e9ab985dde87e5976519ee1cfca1ee896
SHA512

ad5326da158a3701aeb827084a425ab7e2633ca59837241da449b03d4be7b8f77c336748dc1cf0f7d4fd4928f6258c83c7fbda9a5b28686f36e0666f07c42084

Score

6^/10

bootkit persistence

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3588	winosntkrnl.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	winosntkrnl.exe

C:\Users\Admin\AppData\Local\Temp\winosntkrnl.exe
"C:\Users\Admin\AppData\Local\Temp\winosntkrnl.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Writes to the Master Boot Record (MBR)
PID:3588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads