775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7 | Triage

Analysis

max time kernel
121s
max time network
135s
platform
windows10_x64
resource
win10-en-20210920
submitted
21-10-2021 18:02

Sharing

Report Analysis Logs

General

Target

775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7.exe
Size

584KB
MD5

9fccb160e6cce43c1343f650d8c0677d
SHA1

f6213d188d0001396905265ba0f747e9a9b20241
SHA256

775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7
SHA512

4f4cb4f0fd65de77f26b7fd19bd2ba5bf69d18465998ec1d2f1654c12a8f86d5231c3861353cb010d29052f439e2ac3778d419a598910906ce746222e9334d24

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7.exe

C:\Users\Admin\AppData\Local\Temp\775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7.exe
"C:\Users\Admin\AppData\Local\Temp\775f13140a30692525973fc04b537a324d42112ef97582c893c31bda1873e3b7.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2768

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2768-118-0x0000000004BD0000-0x0000000004C3B000-memory.dmp

Filesize
428KB

Download
memory/2768-119-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download
memory/2768-116-0x0000000004B70000-0x0000000004BD0000-memory.dmp

Filesize
384KB

Download
memory/2768-117-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download