e6519b812c285d6ad48df92a70e235a28ee05d7c87e3b6dd8d4f1a29a9b77856 | Triage

Analysis

max time kernel
154s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
16-05-2022 12:58

Sharing

Report Analysis Logs

General

Target

setup.exe
Size

668KB
MD5

10e4443ce2353752f039def6d498551d
SHA1

299fe4fe32de52b52371c88a9b58fb9493c4b2b2
SHA256

e6519b812c285d6ad48df92a70e235a28ee05d7c87e3b6dd8d4f1a29a9b77856
SHA512

57a3ee519b53c5ba93638b885d1cc519c601f99913044650c3ec4926df323b9379b06e57f8103582288776dee10532a4e25b6ce024995d20822c6b2784b8add6

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

setup.exe

description ioc process

File opened for modification \??\PhysicalDrive0 setup.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:968

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-54-0x0000000076451000-0x0000000076453000-memory.dmp

Filesize
8KB

Download
memory/968-55-0x0000000000400000-0x00000000006BE000-memory.dmp

Filesize
2.7MB

Download
memory/968-56-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download