a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows10_x64
resource
win10-en-20211014
submitted
25-11-2021 17:01

Sharing

Report Analysis Logs

General

Target

a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc.exe
Size

617KB
MD5

5db36d0f1c5d3b4366e2c5ee0a8356c1
SHA1

dde977aa3350e424e75505fc3656986d627af77e
SHA256

a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc
SHA512

98cb0a3193737cbacf13d1aa0820cfa74117f9a7c91b91405dd42e13487230dfd86f7a582683b172d6e22a938da2b153f8fee891e99369549fc88e742dd6a1c5

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc.exe

C:\Users\Admin\AppData\Local\Temp\a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc.exe
"C:\Users\Admin\AppData\Local\Temp\a4f144ace97d87e5cfdd28256def1d7a8f6a0f1f2ebf84aaebdf847eb4512bdc.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2756

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2756-116-0x0000000003990000-0x00000000039FB000-memory.dmp

Filesize
428KB

Download
memory/2756-117-0x0000000000400000-0x0000000001C50000-memory.dmp

Filesize
24.3MB

Download
memory/2756-118-0x0000000000400000-0x0000000001C50000-memory.dmp

Filesize
24.3MB

Download