f8e35ada103eae2edb782f046feb0557b6c2c0ea0d36459f549916e0ba12b708 | Triage

Submit
Reports

Overview

overview

8

Static

static

tmp.exe

windows7_x64

8

tmp.exe

windows10-2004_x64

8

Sharing

General

Target

tmp
Size

4.4MB
Sample

220521-rrxwcahfd9
MD5

dff5313b59c0e94087e4bc9240cfc6f9
SHA1

c838c95ed8f85f3169800b7f3bd3bb50d0541f86
SHA256

f8e35ada103eae2edb782f046feb0557b6c2c0ea0d36459f549916e0ba12b708
SHA512

a2a922e341b50c7a019f5f5758e8644f013933a5ffc17acfbbbe33b02cd06e07d94b57b4cd9b0e248e5300f4baea99a0108b87d731c311ead87d63947300eacc

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220414-en

bootkit persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220414-en

bootkit persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  4.4MB
- MD5
  
  dff5313b59c0e94087e4bc9240cfc6f9
- SHA1
  
  c838c95ed8f85f3169800b7f3bd3bb50d0541f86
- SHA256
  
  f8e35ada103eae2edb782f046feb0557b6c2c0ea0d36459f549916e0ba12b708
- SHA512
  
  a2a922e341b50c7a019f5f5758e8644f013933a5ffc17acfbbbe33b02cd06e07d94b57b4cd9b0e248e5300f4baea99a0108b87d731c311ead87d63947300eacc
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy