General
Target: 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe
Filesize: 893KB
Completed: 21-05-2022 12:40
Task: behavioral2
Score: 6/10
MD5: 32020b2dffc1a7f9d4166be24f92bac9
SHA1: 56cb28de7e4f7f0972b5514f00afb2c56d1a2450
SHA256: 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e
SHA512: 56fc1adbfcc9ace262182256b63f379e062fe9aa947bcfb017dea984d7ac2aad0bdb6d748a1f459fd7bf40d8e54904971aec5a4f11ab512b7868af531bb18b8f
Malware Config
Signatures (2)

Persistence
Writes to the Master Boot Record (MBR) - 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe
Description: Bootkits write to the MBR to gain persistence at a level below the operating system.
Tags:
TTPs:
Reported IOCs:
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe

Suspicious behavior: EnumeratesProcesses - 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe
Reported IOCs:
pid | process
2628 | 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe
2628 | 2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe

Processes (1)
Path: C:\Users\Admin\AppData\Local\Temp\2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2e8a83ceff559f8df9b5bea70ea2224a6fe93edbd19b75db8c6e512d3c5eb35e.exe"
Signatures: Writes to the Master Boot Record (MBR); Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation