Triage | Behavioral Report

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 00:04

Sharing

Report Files Registry Network Processes Mutex Misc

General

Target

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
Size

168KB
MD5

bbff0152e26275598487dc38866fca4e
SHA1

40a55b93459dcfd43252492e55099952411a70eb
SHA256

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688
SHA512

852e819398dafb052f289c2e949ca6844db8375a6306abe463cbf070ce9f273d98dec30d29350dcb349674c54015bd3b28e0d13628c3df5f25d779c388d7dc9e

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) ⋅ 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

TTPs:

Bootkit

Processes:

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

description ioc process

File opened for modification \??\PhysicalDrive0 109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

"C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe"

Writes to the Master Boot Record (MBR)

PID:1868

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

memory/1868-54-0x00000000002E0000-0x0000000000310000-memory.dmp

Download
memory/1868-55-0x0000000075541000-0x0000000075543000-memory.dmp

Download
memory/1868-56-0x0000000002205000-0x0000000002216000-memory.dmp

Download