Analysis
-
max time kernel
42s
-
max time network
45s
-
platform
windows7_x64
-
resource
win7-20220414-en
-
submitted
23-05-2022 18:44
Static task
static1
Behavioral task
behavioral1
Sample
01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
Resource
win10v2004-20220414-en
General
-
Target
01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
-
Size
724KB
-
MD5
215b0d00078ac8228f971020fc615df2
-
SHA1
a477a08bb43ebf76215d7a747e43efa77f24aeea
-
SHA256
01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673
-
SHA512
8225efbe2af3f779a6064255c294d729e6efc2ae69c5edff5b522aaee4d31e53a261c88ac8457475bc3d28f89b7c9cdee11558630d503a1def2ae4a62d9d32f4
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
description | ioc | process
File opened (read-only) | \??\f: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\g: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\i: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\p: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\w: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\z: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\j: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\s: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\v: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\h: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\k: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\n: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\o: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\r: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\y: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\e: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\l: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\m: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\q: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\t: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\u: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
File opened (read-only) | \??\x: | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | 01a3286168b1d040318a0da75fc9f4e9532f303fc3e5492f4a7ebc88014cb673.exe