52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112 | Triage

Analysis

max time kernel
78s
max time network
124s
platform
windows10_x64
resource
win10-en-20210920
submitted
21-10-2021 19:20

Sharing

Report Analysis Logs

General

Target

52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112.exe
Size

584KB
MD5

b6e9d5aa996baea28c81bb4c38df2410
SHA1

fe729c720f71e62dbea514eff48fa7e907d40e5b
SHA256

52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112
SHA512

b5fa6d6e2527a12d2eeedefa27607fb60b7f19af1e3baaa8f04ce1c0560ef31e9e2ebb122777a5756b7780a34c0afa1da66e2a84d9ef006054b361a6ac7b95e5

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112.exe

C:\Users\Admin\AppData\Local\Temp\52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112.exe
"C:\Users\Admin\AppData\Local\Temp\52c9a71f5f8f80172901a6b04c709cfa8ba500aa775ace32c9122ca7b680c112.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2704-116-0x0000000002F60000-0x00000000030AA000-memory.dmp

Filesize
1.3MB

Download
memory/2704-117-0x0000000004BD0000-0x0000000004C3B000-memory.dmp

Filesize
428KB

Download
memory/2704-118-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download
memory/2704-115-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download