Analysis
- max time kernel: 4s
- max time network: 5s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 07-03-2021 06:59
- Static task: static1
- Behavioral task: behavioral1, sample cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe, resource win7v20201028
- Behavioral task: behavioral2, sample cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe, resource win10v20201028
General
- Target: cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe
- Size: 421KB
- MD5: 3d09e0981adb03816430e02654e2b23e
- SHA1: 5245fcf9fa5078d3861fd92b53b5361f63578381
- SHA256: cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9
- SHA512: a605baf71bdedeedd99cf6b5b9cb5015785668cf457a0f7112a6cef9c86a2c93a4a47732e4373a2d49321fa8b1713317478ff9c9f8c8a1ac3c098e9cf6eee2d9
Signatures
- Writes to the Master Boot Record (MBR): 1 TTP, 1 IoC
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes:
  - cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe: File opened for modification \??\PHYSICALDRIVE0
  \??\PHYSICALDRIVE0 is the NT-namespace name of the raw first physical disk (\\.\PhysicalDrive0 in Win32 terms). Opening it with write access is the prerequisite for overwriting sector 0, where the MBR lives; a normal application has no reason to open the raw disk this way.
- Suspicious use of AdjustPrivilegeToken: 1 IoC
  Processes:
  - cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe (PID 1152): Token: SeShutdownPrivilege
  SeShutdownPrivilege is the privilege a process must enable before it can shut down or reboot the machine (ExitWindowsEx, InitiateSystemShutdown). Enabling it in a process that has just opened the raw disk for write is consistent with forcing a reboot so the modified MBR executes; the report itself does not record a reboot.
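The MBR-write signature above is the behaviour a responder most wants to verify on a live host or a disk image. The following is an added example, not code from this sandbox report or from the sample: it reads sector 0, parses the partition table, and hashes the bootstrap code area so a rewritten MBR stands out against a known-good baseline. The sample MBR, the `PATCH` bytes the tamper helper writes, and the `0xDEADBEEF` disk signature are constructed for the demonstration; the device paths `\\.\PhysicalDrive0` and `/dev/sda` are where a real check would read from.

```python
"""Parse and fingerprint a Master Boot Record so a modified MBR can be spotted.

Added example (not part of the sandbox report). Reads the first 512 bytes of a
disk image or raw device, decodes the partition table and hashes the bootstrap
code so it can be compared against a baseline taken from a clean system.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOTSTRAP_LEN = 440        # bootstrap code: bytes 0x000-0x1B7
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA boot signature
PART_FMT = "<B3sB3sII"     # status, CHS first, type, CHS last, LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MBRInfo:
    valid_signature: bool
    bootstrap_sha256: str
    disk_signature: int
    partitions: List[Partition]


def parse_mbr(sector: bytes) -> MBRInfo:
    """Decode the fixed MBR layout from one 512-byte sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    valid = sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa"
    digest = hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return MBRInfo(valid, digest, disk_sig, parts)


def check_mbr(sector: bytes, baseline_bootstrap_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if not info.valid_signature:
        findings.append("missing 0x55AA boot signature")
    if baseline_bootstrap_sha256 and info.bootstrap_sha256 != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p.bootable for p in info.partitions):
        findings.append("no partition flagged active")
    return findings


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a disk image, or from a raw device such as
    \\\\.\\PhysicalDrive0 (Windows, administrator) or /dev/sda (Linux, root)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed baseline MBR: filler bootstrap code and one active NTFS partition."""
    bootstrap = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 55)[:BOOTSTRAP_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)                 # constructed value
    entries = struct.pack(PART_FMT, 0x80, b"\x20\x21\x00", 0x07,
                          b"\xfe\xff\xff", 2048, 204800)     # active NTFS, LBA 2048
    entries += b"\x00" * 48                                   # three empty slots
    return bootstrap + disk_sig + b"\x00\x00" + entries + b"\x55\xaa"


def tamper_bootstrap(sector: bytes) -> bytes:
    """Simulate a bootkit overwriting the start of the bootstrap code while
    leaving the partition table intact so the machine still boots (constructed)."""
    patched = bytearray(sector)
    patched[0:8] = b"\xeb\x3c\x90PATCH"
    return bytes(patched)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good).bootstrap_sha256
    print("baseline findings:", check_mbr(good, baseline))
    print("tampered findings:", check_mbr(tamper_bootstrap(good), baseline))
```

Hash the bootstrap area (not the whole sector) because the disk signature and partition table legitimately differ between machines, while the boot code on a given Windows build is stable; a bootkit has to change that code, and usually keeps the partition table intact so the system still boots into the hooked chain.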
Processes
- C:\Users\Admin\AppData\Local\Temp\cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe (PID 1152)
  Command line: "C:\Users\Admin\AppData\Local\Temp\cf98c75ab336ef7984818017b906c3ab0d19931373d9e31a94070a590cca24a9.exe"
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of AdjustPrivilegeToken
Downloads
- memory/1152-2-0x00000000760C1000-0x00000000760C3000-memory.dmp (8KB)