b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589 | Triage

Analysis

max time kernel
112s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 23:46

Sharing

Report Analysis Logs

General

Target

b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589.exe
Size

8KB
MD5

224c0a47ce4711f95367b56978519cd2
SHA1

f0669f14647702c3aadd5588c311b8c7b2455b0a
SHA256

b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589
SHA512

33efa835a010b472982728f9ff5a04fe2f4a6c3693317ea06a07bb593f431f8149ca224ce17d3e70b69ad1e93a802189c74f6fa8935c602e92d8cffd336ff66b

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589.exe

description ioc process

File opened for modification \??\PhysicalDrive0 b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589.exe

C:\Users\Admin\AppData\Local\Temp\b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589.exe
"C:\Users\Admin\AppData\Local\Temp\b299b2f630524e0ea42cb0f74e3e459b63d10388a3cc22fe05ecb87c482ed589.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3316

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...