Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 22:52

General

  • Target

    c8aeab9d69faff3486bbd01383f76f837ef7ac7f25d1b0088add95c8ec35a247.exe

  • Size

    815KB

  • MD5

    21ce894ccbef788a1b2af896e2aaf2a0

  • SHA1

    7ca645c7855bff3e2f1575d50f89a516b870d6de

  • SHA256

    c8aeab9d69faff3486bbd01383f76f837ef7ac7f25d1b0088add95c8ec35a247

  • SHA512

    6fa7a28936d70d2b94a89443988d8a81fe3c3cf6a91500ebf02c6c3962126e0c2e1a219c485c5dc90bc7d815f15533414d184056e675e348061e11cb82e22993

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) ⋅ 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Modifies Internet Explorer settings ⋅ 1 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses ⋅ 2 IoCs
  • Suspicious use of FindShellTrayWindow ⋅ 1 IoCs
  • Suspicious use of SetWindowsHookEx ⋅ 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8aeab9d69faff3486bbd01383f76f837ef7ac7f25d1b0088add95c8ec35a247.exe
    "C:\Users\Admin\AppData\Local\Temp\c8aeab9d69faff3486bbd01383f76f837ef7ac7f25d1b0088add95c8ec35a247.exe"
    Writes to the Master Boot Record (MBR)
    Modifies Internet Explorer settings
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of FindShellTrayWindow
    Suspicious use of SetWindowsHookEx
    PID:1788

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                    Privilege Escalation

                      Replay Monitor

                      00:00 00:00

                      Downloads

                      • memory/1788-54-0x0000000075DB1000-0x0000000075DB3000-memory.dmp