109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688 | Triage

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 00:04

Sharing

Report Analysis Logs

General

Target

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
Size

168KB
MD5

bbff0152e26275598487dc38866fca4e
SHA1

40a55b93459dcfd43252492e55099952411a70eb
SHA256

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688
SHA512

852e819398dafb052f289c2e949ca6844db8375a6306abe463cbf070ce9f273d98dec30d29350dcb349674c54015bd3b28e0d13628c3df5f25d779c388d7dc9e

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

description ioc process

File opened for modification \??\PhysicalDrive0 109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
"C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1868

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-54-0x00000000002E0000-0x0000000000310000-memory.dmp

Filesize
192KB

Download
memory/1868-55-0x0000000075541000-0x0000000075543000-memory.dmp

Filesize
8KB

Download
memory/1868-56-0x0000000002205000-0x0000000002216000-memory.dmp

Filesize
68KB

Download