Analysis
- max time kernel: 150s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 23-05-2022 21:19
Static task: static1
Behavioral task: behavioral1
  Sample: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  Resource: win10v2004-20220414-en
General
- Target: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
- Size: 1.3MB
- MD5: 9c68970cbcd840aaa32e1fc059095baf
- SHA1: 958d5cce240a50e587a92d4b122f0eef547cae5e
- SHA256: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f
- SHA512: d5cb1cf2d489a1aa8d69de229ff977c7509bece2a2bbaaa8a2afe278223837320302bfef646e68f306754a49cb79c6baec2cc4b7aeceeb7c3f72ca79bc4c9bb4
Malware Config
Signatures
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  description                  | ioc                 | process
  File opened for modification | \??\PhysicalDrive0  | a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  pid  | process
  1512 | a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe (same entry for all 64 IoCs)
- Suspicious use of FindShellTrayWindow (64 IoCs)
  Processes: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  pid  | process
  1512 | a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe (same entry for all 64 IoCs)
- Suspicious use of SendNotifyMessage (64 IoCs)
  Processes: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  pid  | process
  1512 | a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe (same entry for all 64 IoCs)
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes: a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  pid  | process
  1512 | a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe (same entry for all 3 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe
  "C:\Users\Admin\AppData\Local\Temp\a2a6365fcec51ced4d0442cb94df9c90bef8179977bbaa37878399226016776f.exe"
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1512-54-0x0000000076421000-0x0000000076423000-memory.dmp (Filesize: 8KB)