Analysis
max time kernel: 12s
max time network: 106s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-05-2022 18:51
Static task: static1
Behavioral task: behavioral1
Sample: 019d31c99a7d8b1e7ee5331c4d9c39ca9ed5e7704bbf9702c5f8063fc11d9760.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 019d31c99a7d8b1e7ee5331c4d9c39ca9ed5e7704bbf9702c5f8063fc11d9760.exe
Resource: win10v2004-20220414-en
General
Target: 019d31c99a7d8b1e7ee5331c4d9c39ca9ed5e7704bbf9702c5f8063fc11d9760.exe
Size: 242KB
MD5: 0dab5b6a1b1f3ca627df7ae82d643524
SHA1: f799e2e96b966073e53503261747040ae1a0399b
SHA256: 019d31c99a7d8b1e7ee5331c4d9c39ca9ed5e7704bbf9702c5f8063fc11d9760
SHA512: a8527be10f3da1f48650faca223ca8b1176bcef0da71c38d2565093d0ac2bc79f563ce59bafca94182d7cd0b0386b35cb1dc11f966921afd56a4f1c9c31986ba
Malware Config
Signatures
Enumerates connected drives (3 TTPs, 22 IoCs)
Attempts to read the root path of hard drives other than the default C: drive. The 22 IoCs below are every drive letter from E: to Z:, opened read-only in NT object-manager form (\??\X:), so the sample probes each possible letter rather than enumerating only the volumes actually mounted; an open on a letter with no volume simply fails, and the letters that succeed tell the sample which drives exist.
Processes:
Process: 019d31c99a7d8b1e7ee5331c4d9c39ca9ed5e7704bbf9702c5f8063fc11d9760.exe
IoCs (File opened (read-only), 22 drive roots, in the order reported): \??\t:, \??\u:, \??\y:, \??\i:, \??\l:, \??\m:, \??\n:, \??\o:, \??\q:, \??\x:, \??\e:, \??\f:, \??\g:, \??\h:, \??\j:, \??\s:, \??\w:, \??\k:, \??\p:, \??\r:, \??\v:, \??\z:
Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system. Note that the IoC recorded here is a write-capable handle on the raw disk device (\??\PhysicalDrive0), which is what this signature keys on; the report does not show the bytes written or the target sector, so confirming that the MBR itself was altered requires comparing sector 0 of the infected disk against a known-good image.
Processes:
Process: 019d31c99a7d8b1e7ee5331c4d9c39ca9ed5e7704bbf9702c5f8063fc11d9760.exe
IoC (File opened for modification): \??\PhysicalDrive0
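The two signatures above can be re-derived from the flattened IoC rows of a report like this one. The following Python is an added example, not the sandbox's own rule engine: it parses rows in the "description ioc process" layout used above, flags a process that opens several distinct non-C: drive roots, and flags a write-capable open on a PhysicalDriveN device. The sample lines, the process names and the threshold of three drive roots are constructed assumptions; the sandbox's real threshold is not stated on the page.

```python
"""Re-derive the report's two behavioural signatures from flattened IoC lines."""
import re
from collections import defaultdict

# Each IoC row of the report flattens to "<description> <ioc> <process>".
IOC_LINE = re.compile(
    r"^(?P<action>File opened(?: \(read-only\)| for modification)) "
    r"(?P<path>\S+) (?P<process>\S+)$"
)
# Root of a drive in NT object-manager form, e.g. \??\e:
DRIVE_ROOT = re.compile(r"^\\\?\?\\(?P<letter>[a-z]):$", re.IGNORECASE)
# Raw physical disk in either NT (\??\PhysicalDrive0) or Win32 (\\.\PhysicalDrive0) form.
PHYSICAL_DRIVE = re.compile(r"^(?:\\\?\?\\|\\\\\.\\)PhysicalDrive\d+$", re.IGNORECASE)

# Constructed sample lines in the report's layout; process names and letters are illustrative.
SAMPLE_LINES = [
    r"File opened (read-only) \??\e: sample.exe",
    r"File opened (read-only) \??\f: sample.exe",
    r"File opened (read-only) \??\g: sample.exe",
    r"File opened (read-only) \??\z: sample.exe",
    r"File opened (read-only) \??\c: sample.exe",              # C: is excluded by the rule
    r"File opened for modification \??\PhysicalDrive0 sample.exe",
    r"File opened (read-only) \??\PhysicalDrive0 backup.exe",  # read-only raw access: not a write
    r"File opened (read-only) \??\d: explorer.exe",            # one non-C: root: below threshold
    "Processes:",                                               # non-IoC text is skipped
]


def parse_ioc_line(line):
    """Return (action, path, process) for an IoC row, or None for anything else."""
    m = IOC_LINE.match(line.strip())
    if m is None:
        return None
    return m.group("action"), m.group("path"), m.group("process")


def evaluate(lines, drive_threshold=3):
    """Map each process to the signatures it triggers and the evidence behind them.

    drive_threshold is an assumed cut-off (the sandbox's real one is not on the page):
    a process that opens at least that many distinct non-C: drive roots is flagged.
    """
    drive_roots = defaultdict(set)   # process -> drive letters probed
    raw_writes = defaultdict(set)    # process -> raw disk paths opened for modification
    for line in lines:
        parsed = parse_ioc_line(line)
        if parsed is None:
            continue
        action, path, process = parsed
        root = DRIVE_ROOT.match(path)
        if root is not None:
            letter = root.group("letter").lower()
            if letter != "c":
                drive_roots[process].add(letter)
        elif PHYSICAL_DRIVE.match(path) and action == "File opened for modification":
            raw_writes[process].add(path)

    hits = {}
    for process, letters in drive_roots.items():
        if len(letters) >= drive_threshold:
            hits.setdefault(process, {})["Enumerates connected drives"] = sorted(letters)
    for process, paths in raw_writes.items():
        hits.setdefault(process, {})["Writes to the Master Boot Record (MBR)"] = sorted(paths)
    return hits


if __name__ == "__main__":
    for process, sigs in evaluate(SAMPLE_LINES).items():
        for name, evidence in sigs.items():
            print(f"{process}: {name} <- {evidence}")
```

The read-only open of \??\PhysicalDrive0 by the constructed backup.exe is deliberately not flagged: backup and imaging tools legitimately read the raw disk, and it is the write-capable handle that distinguishes the MBR signature from that benign case.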
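Because the report only records the write-capable handle on \??\PhysicalDrive0, an incident responder still has to check whether sector 0 was actually changed. The following Python is an added example, not part of the report or of any sandbox tooling: it parses a captured 512-byte MBR (boot-code area, disk signature, four partition entries, 55AA signature) and compares the boot-code hash against a baseline taken from a known-good disk. The two sectors it works on are constructed in the block itself (the "boot code" bytes are placeholders, not real boot code); the baseline hash, the partition layout and the disk signature value are assumptions.

```python
"""Check a captured first sector (512 bytes of PhysicalDrive0) for boot-code tampering."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code; 440..443: disk signature; 444..445: reserved
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("55AA boot signature missing: not a valid MBR (or a wiped one)")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack("<II", entry[8:16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sector_count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def mbr_tampered(sector: bytes, known_good_boot_code_sha256: str) -> bool:
    """True when the boot-code area differs from the baseline taken from a known-good disk."""
    return parse_mbr(sector)["boot_code_sha256"] != known_good_boot_code_sha256


# --- constructed test sectors (stand-ins, not real boot code) -------------------------

def _partition_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are left zero; modern loaders use the LBA fields.
    return bytes([0x80 if bootable else 0x00, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack(
        "<II", lba_start, sectors)


def build_mbr(boot_code: bytes, partitions, disk_signature: int = 0x1A2B3C4D) -> bytes:
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(_partition_entry(*p) for p in partitions).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_signature) + b"\x00\x00" + table + BOOT_SIG


PARTITIONS = [(True, 0x07, 2048, 204800)]                # one bootable NTFS-type partition
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", PARTITIONS)  # placeholder boot code
# A bootkit-style overwrite: boot code replaced, partition table left intact, so the disk
# still looks healthy to a tool that only reads the partition table.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 16, PARTITIONS)

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(f"{name}: tampered={mbr_tampered(sector, baseline)} partitions={info['partitions']}")
```

To run it against a real disk, capture sector 0 first: on Linux `dd if=/dev/sda bs=512 count=1 of=mbr.bin`, on Windows open `\\.\PhysicalDrive0` read-only from an elevated process and read 512 bytes. The baseline hash must come from a known-good disk with the same OS version and boot loader. Two caveats: a write handle on PhysicalDrive0 can reach any sector, not only sector 0, so on a GPT disk (where sector 0 is only a protective MBR) the primary and backup GPT headers deserve the same comparison; and a partition table that still parses cleanly, as in the tampered sample above, is not evidence that the boot code is intact.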
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/916-54-0x00000000753B1000-0x00000000753B3000-memory.dmp (Filesize: 8KB)