Analysis
max time kernel: 43s
max time network: 50s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20-05-2022 03:00
Static task: static1
Behavioral task: behavioral1
  Sample: 制作纯DOS启动U盘刷新BIOS/DOS/COMMAND.com
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 制作纯DOS启动U盘刷新BIOS/DOS/COMMAND.com
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: 制作纯DOS启动U盘刷新BIOS/HP优盘格式化工具HPUSBFW 2.20.exe
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: 制作纯DOS启动U盘刷新BIOS/HP优盘格式化工具HPUSBFW 2.20.exe
  Resource: win10v2004-20220414-en
Behavioral task: behavioral5
  Sample: 制作纯DOS启动U盘刷新BIOS/af10_bios/AFUDOS.exe
  Resource: win7-20220414-en
Behavioral task: behavioral6
  Sample: 制作纯DOS启动U盘刷新BIOS/af10_bios/AFUDOS.exe
  Resource: win10v2004-20220414-en
Behavioral task: behavioral7
  Sample: 制作纯DOS启动U盘刷新BIOS/af10_bios/af10.bat
  Resource: win7-20220414-en
Behavioral task: behavioral8
  Sample: 制作纯DOS启动U盘刷新BIOS/af10_bios/af10.bat
  Resource: win10v2004-20220414-en
General
Target: 制作纯DOS启动U盘刷新BIOS/HP优盘格式化工具HPUSBFW 2.20.exe
Size: 96KB
MD5: f109b8ed3b703f7765eb7e1bc6975d29
SHA1: 05753b015d84d236e36c3aef40d9d22add05bf72
SHA256: 3e01af95f9b5b1b939b64241613fd91b2a738f66c5d1173df24e9e74faf1fc5e
SHA512: 580497f012a0045eb678373e53f6aad6709786e3aaf74a558384574edcd7c544152f9197264ba2c60c4d02c4dd8ce4e978291ae7ee9477ffaccb2b162d34dc1a
Malware Config
Signatures
Maps connected drives based on registry (3 TTPs, 3 IoCs)
Disk information is often read in order to detect sandboxing environments.
Processes:
description        | ioc                                                                      | process
Key opened         | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum                | HP优盘格式化工具HPUSBFW 2.20.exe
Key value queried  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\NextInstance   | HP优盘格式化工具HPUSBFW 2.20.exe
Key value queried  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0              | HP优盘格式化工具HPUSBFW 2.20.exe

Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description                   | ioc                  | process
File opened for modification  | \??\PhysicalDrive0   | HP优盘格式化工具HPUSBFW 2.20.exe
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
memory/1296-54-0x0000000075741000-0x0000000075743000-memory.dmp (Filesize: 8KB)