1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6 | Triage

Analysis

max time kernel
106s
max time network
122s
platform
windows10_x64
resource
win10-en-20211104
submitted
25-11-2021 16:27

Sharing

Report Analysis Logs

General

Target

1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6.exe
Size

617KB
MD5

695edb46c270b930a39392b3d1731113
SHA1

890eb088e3257dee856beed994f7619869ae07dc
SHA256

1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6
SHA512

1ee126de851868e26d45baf80a580373d30b9a99ef2cb967b0d28471268ea72efc82da7843289d3e6f7e8da47cce37b04230c30ccf34bfd9a55b1d2df02f4e7e

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6.exe

C:\Users\Admin\AppData\Local\Temp\1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6.exe
"C:\Users\Admin\AppData\Local\Temp\1db032af76c84f74137d19adf5b05bb5928bdbbf322dbde9ec85eee50b6018c6.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2380

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-118-0x0000000002009000-0x000000000206A000-memory.dmp

Filesize
388KB

Download
memory/2380-119-0x0000000003990000-0x00000000039FB000-memory.dmp

Filesize
428KB

Download
memory/2380-120-0x0000000000400000-0x0000000001C50000-memory.dmp

Filesize
24.3MB

Download
memory/2380-121-0x0000000000400000-0x0000000001C50000-memory.dmp

Filesize
24.3MB

Download