0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d | Triage

Analysis

max time kernel
26s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 03:16

Sharing

Report Analysis Logs

General

Target

0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d.exe
Size

115KB
MD5

1c2e8e747cc72b83515852b41d269203
SHA1

23b760af0496c012ecb4c56074f19bf225b22282
SHA256

0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d
SHA512

305d174d7341c476f470f923be0ff980878ef650e7bd0a7b800e84101d002cdddcc8739c4e30ae09966596e602f43905bc8e575d252a7b5383e4bc02c7782bb4

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d.exe

description ioc process

File opened for modification \??\PhysicalDrive0 0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d.exe

C:\Users\Admin\AppData\Local\Temp\0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d.exe
"C:\Users\Admin\AppData\Local\Temp\0558263c4d60cdfafea2d1725385218d1eb26219ed1646008ce571bb89809c7d.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1904

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...