f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee | Triage

Analysis

max time kernel
119s
max time network
135s
platform
windows10_x64
resource
win10-en-20210920
submitted
21-10-2021 18:39

Sharing

Report Analysis Logs

General

Target

f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee.exe
Size

583KB
MD5

9bf85b2db80f6954513a202f7b07e89d
SHA1

b629a945730960dc2d40adc9d61462cc99bbb6e6
SHA256

f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee
SHA512

558a5469c6ccc26c84637f2fc3751ff7985fbdd124893c9a8a241de2df631bfd005539f3b8f7c7751b6ddd0ec1ccc95de6a107279f03b62a966676a78ca75d42

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee.exe

C:\Users\Admin\AppData\Local\Temp\f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee.exe
"C:\Users\Admin\AppData\Local\Temp\f0e3f33f197acc669becc1ff52f046c8c1ade0e083e85afdc07078caf60ed1ee.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:4040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4040-115-0x0000000004B40000-0x0000000004BA0000-memory.dmp

Filesize
384KB

Download
memory/4040-116-0x0000000004BA0000-0x0000000004C0B000-memory.dmp

Filesize
428KB

Download
memory/4040-117-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download
memory/4040-118-0x0000000000400000-0x0000000002F58000-memory.dmp

Filesize
43.3MB

Download