109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688 | Triage

Analysis

max time kernel
135s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
21-05-2022 00:04

Sharing

Report Analysis Logs

General

Target

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
Size

168KB
MD5

bbff0152e26275598487dc38866fca4e
SHA1

40a55b93459dcfd43252492e55099952411a70eb
SHA256

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688
SHA512

852e819398dafb052f289c2e949ca6844db8375a6306abe463cbf070ce9f273d98dec30d29350dcb349674c54015bd3b28e0d13628c3df5f25d779c388d7dc9e

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

description ioc process

File opened for modification \??\PhysicalDrive0 109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe

C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe
"C:\Users\Admin\AppData\Local\Temp\109d1e60db795c10248ca36921d92725b1cdf3e5e7b28e42dea12d4e11538688.exe"
- Writes to the Master Boot Record (MBR)
PID:2512

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-130-0x0000000000130000-0x0000000000160000-memory.dmp

Filesize
192KB

Download
memory/2512-131-0x0000000005050000-0x00000000055F4000-memory.dmp

Filesize
5MB

Download
memory/2512-132-0x0000000004B40000-0x0000000004BD2000-memory.dmp

Filesize
584KB

Download
memory/2512-133-0x0000000004B20000-0x0000000004B2A000-memory.dmp

Filesize
40KB

Download