General
Target

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

Filesize

168KB

Completed

21-05-2022 00:07

Task

behavioral2

Score
6/10
MD5

bbff0152e26275598487dc38866fca4e

SHA1

40a55b93459dcfd43252492e55099952411a70eb

SHA256

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688

SHA512

852e819398dafb052f289c2e949ca6844db8375a6306abe463cbf070ce9f273d98dec30d29350dcb349674c54015bd3b28e0d13628c3df5f25d779c388d7dc9e

Malware Config
Signatures 1

Persistence
  • Writes to the Master Boot Record (MBR)
    109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

    Description

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    TTPs

    Bootkit

    Reported IOCs

    Description: File opened for modification
    IOC: \??\PhysicalDrive0
    Process: 109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
    "C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe"
    Writes to the Master Boot Record (MBR)
    PID:2512
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/2512-130-0x0000000000130000-0x0000000000160000-memory.dmp
  • memory/2512-131-0x0000000005050000-0x00000000055F4000-memory.dmp
  • memory/2512-132-0x0000000004B40000-0x0000000004BD2000-memory.dmp
  • memory/2512-133-0x0000000004B20000-0x0000000004B2A000-memory.dmp