01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d | Triage

Analysis

max time kernel
91s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-05-2022 17:57

Sharing

Report Analysis Logs

General

Target

01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d.exe
Size

2KB
MD5

15349adacb23934add261d3608ec298c
SHA1

d1d01f97e5d5361fbc41519b83dee7c0279dc0a1
SHA256

01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d
SHA512

3dfb53f8a88c4c819073f0cab1c7c6e8e950fdee43e1f532377caacfbad581e5e860d14dd06e409395dfb767649041e4c569fdaa8e7ddd1d28eebb0dd7ebf5dd

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d.exe

C:\Users\Admin\AppData\Local\Temp\01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d.exe
"C:\Users\Admin\AppData\Local\Temp\01cb7a773128af02dc97c2354495667f859df86846be8f443a8d5312d453091d.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3764

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...