Analysis
- max time kernel: 113s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 12-05-2022 11:41
Static task: static1
Behavioral task: behavioral1
  Sample: 3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe
  Resource: win10v2004-20220414-en
General
- Target: 3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe
- Size: 455KB
- MD5: 7c9a17538efb839e11cb5542f9150032
- SHA1: aec7672a7371185fe7dc623cf4eee76d2120702e
- SHA256: 3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72
- SHA512: 6e4ddc09cb005903acc225e9dc3aa6d369b337952b1fc084892f77e3e050960a06c68be4748f989165e8d919ff9148d9c746dbbb22ee3e4cfd54564f99fec9c7
Malware Config
Signatures
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes:
    description: File opened for modification | ioc: \??\PHYSICALDRIVE0 | process: 3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description: Token: SeShutdownPrivilege | pid: 1792 | process: 3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3c64fdd58eafb6e678a58f47e515b0cde3b39e98c32d6607d3c8e58a5eff8d72.exe"
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1792-54-0x0000000075AE1000-0x0000000075AE3000-memory.dmp (Filesize: 8KB)
- memory/1792-55-0x0000000000400000-0x0000000000FCF000-memory.dmp (Filesize: 11.8MB)
- memory/1792-56-0x00000000010DB000-0x000000000113C000-memory.dmp (Filesize: 388KB)
- memory/1792-57-0x0000000000320000-0x000000000038B000-memory.dmp (Filesize: 428KB)
- memory/1792-58-0x0000000000400000-0x0000000000FCF000-memory.dmp (Filesize: 11.8MB)