Analysis

  • max time kernel
    38s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 03:00

General

  • Target

    HPUSBFW/DOS1/制作纯DOS启动U盘刷新BIOS/HP优盘格式化工具HPUSBFW 2.20.exe

  • Size

    96KB

  • MD5

    f109b8ed3b703f7765eb7e1bc6975d29

  • SHA1

    05753b015d84d236e36c3aef40d9d22add05bf72

  • SHA256

    3e01af95f9b5b1b939b64241613fd91b2a738f66c5d1173df24e9e74faf1fc5e

  • SHA512

    580497f012a0045eb678373e53f6aad6709786e3aaf74a558384574edcd7c544152f9197264ba2c60c4d02c4dd8ce4e978291ae7ee9477ffaccb2b162d34dc1a

Score
6/10

Malware Config

Signatures

  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\HPUSBFW\DOS1\制作纯DOS启动U盘刷新BIOS\HP优盘格式化工具HPUSBFW 2.20.exe
    "C:\Users\Admin\AppData\Local\Temp\HPUSBFW\DOS1\制作纯DOS启动U盘刷新BIOS\HP优盘格式化工具HPUSBFW 2.20.exe"
    1⤵
    • Maps connected drives based on registry
    • Writes to the Master Boot Record (MBR)
    PID:552

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/552-54-0x0000000075501000-0x0000000075503000-memory.dmp
    Filesize

    8KB