Analysis
max time kernel: 2s
max time network: 5s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 23-01-2022 07:30
Static task: static1
Behavioral task: behavioral1
Sample: 360TS_Setup_Mini.exe
Resource: win10v2004-en-20220113
General
Target: 360TS_Setup_Mini.exe
Size: 1.5MB
MD5: 858ee6ceb590822f57d2d98a32e3c5af
SHA1: 0cd9e539e919dd0367c1d04e2644bc3e8ad109e5
SHA256: 3d505dd5081824da4517fbdc2a4da8c6133538b72171e260f59d10be5ed20acb
SHA512: ad624bba251a6131471a662e31a676c6facb335aef433b0c2313adb57c2ca4701590845c3c237d190a1817fa43daeaaeb3731c91e19045691523cccf9cbbd198
Malware Config
Signatures
Loads dropped DLL 1 IoCs
Processes:
360TS_Setup_Mini.exe
pid | process
1192 | 360TS_Setup_Mini.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
360TS_Setup_Mini.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | 360TS_Setup_Mini.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
360TS_Setup_Mini.exe
description | pid | process
Token: SeManageVolumePrivilege | 1192 | 360TS_Setup_Mini.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\Users\Admin\AppData\Local\Temp\{C577A5A2-9A9D-4ac4-9BF7-FCA9CA08B976}.tmp\360P2SP.dll
MD5: fc1796add9491ee757e74e65cedd6ae7
SHA1: 603e87ab8cb45f62ecc7a9ef52d5dedd261ea812
SHA256: bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60
SHA512: 8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d