Overview

overview

6

Static

static

c6460ac381...d4.exe

windows7_x64

6

c6460ac381...d4.exe

windows10_x64

6

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    14-10-2021 06:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6460ac381d08001d53e32039e6626d4.exe

  • Size

    632KB

  • MD5

    c6460ac381d08001d53e32039e6626d4

  • SHA1

    754641ee917dcfa35940626ab2d61fb25a2218c8

  • SHA256

    a09cbb1704807a612702a6fd63c2c58d096da4c99034be7fc1d92bc5ef7bfc1b

  • SHA512

    ba90957ca112838048e74c27c5ad638504d2c3e94eb47b4168d88ac5ba31da1540916ce30f45eefcde5294542de83f15739350aac8e9fc5210ba8f8eac4e7eb9

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6460ac381d08001d53e32039e6626d4.exe
    "C:\Users\Admin\AppData\Local\Temp\c6460ac381d08001d53e32039e6626d4.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:1596

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1596-54-0x000000000026B000-0x00000000002CC000-memory.dmp
    Filesize

    388KB

    Download
  • memory/1596-55-0x00000000757B1000-0x00000000757B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1596-57-0x0000000000400000-0x0000000001711000-memory.dmp
    Filesize

    19.1MB

    Download
  • memory/1596-56-0x0000000001720000-0x000000000178B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1596-58-0x0000000000400000-0x0000000001711000-memory.dmp
    Filesize

    19.1MB

    Download