c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b | Triage

Analysis

max time kernel
114s
max time network
123s
platform
windows10_x64
resource
win10-en-20211014
submitted
21-10-2021 10:00

Sharing

Report Analysis Logs

General

Target

c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b.exe
Size

583KB
MD5

db2535395dbe38121960dceb69f65915
SHA1

80058cde91a3ea9d0b8e3332b443bcc5462dd5e2
SHA256

c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b
SHA512

7bf816a37082cfb26572f0f262b5d1974adc487efb3ce50bafe18eb0acda043ebbd9c57e02f077f0f52fca5d0812cd7e0ff5fcc894bb2c596ee3cbb43f0123f5

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b.exe

C:\Users\Admin\AppData\Local\Temp\c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b.exe
"C:\Users\Admin\AppData\Local\Temp\c133acf840167eef7513795fdc1677b14880d8f6e00ca9f1835b84a4f91a396b.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-116-0x0000000004CF0000-0x0000000004D5B000-memory.dmp

Filesize
428KB

Download
memory/2716-115-0x0000000004C90000-0x0000000004CF0000-memory.dmp

Filesize
384KB

Download
memory/2716-118-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download
memory/2716-117-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download