Analysis

  • max time kernel
    36s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 00:04

General

  • Target

    109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

  • Size

    168KB

  • MD5

    bbff0152e26275598487dc38866fca4e

  • SHA1

    40a55b93459dcfd43252492e55099952411a70eb

  • SHA256

    109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688

  • SHA512

    852e819398dafb052f289c2e949ca6844db8375a6306abe463cbf070ce9f273d98dec30d29350dcb349674c54015bd3b28e0d13628c3df5f25d779c388d7dc9e

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
    "C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe"
    Writes to the Master Boot Record (MBR)
    PID:1868

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation


Downloads

  • memory/1868-54-0x00000000002E0000-0x0000000000310000-memory.dmp
  • memory/1868-55-0x0000000075541000-0x0000000075543000-memory.dmp
  • memory/1868-56-0x0000000002205000-0x0000000002216000-memory.dmp