6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57

General

Target

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
Size

2.8MB
MD5

caa059208f1428b831e456bbe489f382
SHA1

1c62f1db4badcbb65d9d9192a5d5facdf30ce49c
SHA256

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57
SHA512

e51581e153fe9515b93486a499291fc48ac6eb89f9eac9148c168e63940995a6bb2aee48a65181cf5e15caae471f34375ccb41e2a9e6692850d87bff83221477

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

description ioc process

File opened for modification \??\PhysicalDrive0 6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

pid	process
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

pid	process
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

pid	process
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

pid	process
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
1216	6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe

C:\Users\Admin\AppData\Local\Temp\6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe
"C:\Users\Admin\AppData\Local\Temp\6af6fac0ec5a17969be51057f12bc26a43d7611bdcfd3e26c48eb26012f61d57.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1216

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1216-54-0x0000000075951000-0x0000000075953000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads