Analysis
-
max time kernel
137s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
23-05-2022 17:19
Static task
static1
Behavioral task
behavioral1
Sample
01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe
Resource
win10v2004-20220414-en
General
-
Target
01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe
-
Size
241KB
-
MD5
5aa42272736ce4b2f4827fd839737ac8
-
SHA1
d19b4be5486fcb3901cb6d9b33251cbad65da710
-
SHA256
01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21
-
SHA512
3077c652007264cf7ffeeeaaddbdea44c03dfc16c7965845f536ac123506f2bebb263d1119d241db5eda79c004bfeb44e1a08610659197dac84eef8e11b6c43d
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exedescription ioc process File opened (read-only) \??\e: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\i: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\m: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\p: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\w: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\g: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\j: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\o: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\r: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\t: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\v: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\z: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\h: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\k: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\n: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\q: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\u: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\x: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\f: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\l: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\s: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe File opened (read-only) \??\y: 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exedescription ioc process File opened for modification \??\PhysicalDrive0 01ed3cce4ce5fa2b3d02dc9fda132d384c6f7e59c783ca6f7ac3628151f7ee21.exe