Analysis
- max time kernel: 103s
- max time network: 111s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 23-05-2022 19:08
Static task: static1
Behavioral task: behavioral1
- Sample: 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe
- Resource: win10v2004-20220414-en
General
- Target: 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe
- Size: 341KB
- MD5: 4c29b2d5000284111a55d53ee169b083
- SHA1: 7702bef4c838c764232974fe662f04750f950113
- SHA256: 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7
- SHA512: ccdff7c22fdc18c1a7a8d568626fbd8a6daa01f31ab2fc87c3f1ae93564bbf0bf88d1d9af5d6ef44bf19df2c9af89b6e555082412745818c5843803dcd28b689
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 22 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe

| description | ioc | process |
| --- | --- | --- |
| File opened (read-only) | \??\p: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\x: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\y: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\f: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\g: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\h: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\k: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\m: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\l: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\o: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\q: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\s: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\v: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\e: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\i: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\j: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\r: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\n: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\t: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\u: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\w: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |
| File opened (read-only) | \??\z: | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |

- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe

| description | ioc | process |
| --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | 018eb3894f7c2e9a51c97ebb23fd7e05b2ce6e73eb22977484757c452cc40de7.exe |