e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows10_x64
resource
win10-en-20211014
submitted
21-10-2021 21:43

Sharing

Report Analysis Logs

General

Target

e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38.exe
Size

584KB
MD5

d1e56eb29f3ff02ac443b8ffc7fe580e
SHA1

1f0bb1c31ad7c15c2949a46272610c967d7b9c39
SHA256

e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38
SHA512

a5e9957db551b55b4a80d3ec054e25b0e05ef8c59907942d0efc5633925d68f61e44ec849dbe5999deb3b45b91747eeda1fd6b648e2d9b76b37c4065a6314368

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38.exe

C:\Users\Admin\AppData\Local\Temp\e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38.exe
"C:\Users\Admin\AppData\Local\Temp\e91f299bd3558e1725fbd0074592fd27a63e855056d734ebf482aa4eab6baf38.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2760

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2760-116-0x0000000004D40000-0x0000000004DAB000-memory.dmp

Filesize
428KB

Download
memory/2760-115-0x0000000004CE0000-0x0000000004D40000-memory.dmp

Filesize
384KB

Download
memory/2760-117-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download
memory/2760-118-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download