Analysis
- max time kernel: 147s
- max time network: 166s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 23-05-2022 20:37
Static task: static1
Behavioral task: behavioral1
- Sample: 01469776924091f125e2d55aea94f5f48b4e0f32200175451a3991a99287d19e.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 01469776924091f125e2d55aea94f5f48b4e0f32200175451a3991a99287d19e.exe
- Resource: win10v2004-20220414-en
General
- Target: 01469776924091f125e2d55aea94f5f48b4e0f32200175451a3991a99287d19e.exe
- Size: 247KB
- MD5: d1ada8c49c8e8b5fe935b8fbca4e8bde
- SHA1: 408ad8e3b2a2c51a88a65b2aade3a1274d3cd019
- SHA256: 01469776924091f125e2d55aea94f5f48b4e0f32200175451a3991a99287d19e
- SHA512: 9b76dbfd413b37e0d82f836deef97deb63a38cf118cfddbe4867d772e93c4b1b5f4d7c57f0bb501423c03a83365b895ec8758499955a23a327bd43bcfd585d99
Malware Config
Signatures
- suricata: ET MALWARE Suspicious User-Agent (GenericHttp/VER_STR_COMMA)
- suricata: ET MALWARE Suspicious User-Agent (GenericHttp/VER_STR_COMMA)
- Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
  Bootkits write to the MBR to gain persistence at a level below the operating system. The IoC below records the sample opening \??\PhysicalDrive0 (the NT object-manager path behind the user-mode name \\.\PhysicalDrive0, i.e. the raw first physical disk) with modify access; sector 0 of that device is the MBR. The report shows the handle being opened for modification, not what was written, so confirm on the host by dumping the first 512 bytes of the disk and comparing the boot code and partition table against a known-good copy.
  Processes:
  description | ioc | process
  File opened for modification | \??\PhysicalDrive0 | 01469776924091f125e2d55aea94f5f48b4e0f32200175451a3991a99287d19e.exe
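The verification step above, as an added example that is not part of the sandbox report: a small MBR parser plus a baseline comparison that flags the kinds of change a bootkit makes (boot code overwritten, partition table rewritten, 0x55AA signature lost). The sectors it runs on here are constructed test data, not sectors taken from the sample's environment; the `read_first_sector` helper and its default path are an assumption about how you would collect the live sector on an elevated Windows host.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440          # 0x000-0x1B7: bootstrap (boot) code
DISK_SIG_OFF = 0x1B8         # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510-511


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_entry(entry: bytes) -> Optional[Partition]:
    """Decode one 16-byte entry; CHS fields are skipped, an empty type means unused."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    if ptype == 0:
        return None
    return Partition(bootable=(status == 0x80), type_id=ptype,
                     lba_start=lba_start, sectors=sectors)


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into the fields worth comparing after a suspected MBR write."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        part = parse_partition_entry(sector[off:off + 16])
        if part is not None:
            partitions.append(part)
    return {
        "valid_signature": sector[510:512] == MBR_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> List[str]:
    """Return findings describing how `current` differs from `baseline`; empty means unchanged."""
    before, after = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not after["valid_signature"]:
        findings.append("0x55AA signature missing: sector is not a valid MBR")
    if before["bootstrap_sha256"] != after["bootstrap_sha256"]:
        findings.append("bootstrap code modified")
    if before["disk_signature"] != after["disk_signature"]:
        findings.append("disk signature changed")
    if before["partitions"] != after["partitions"]:
        findings.append("partition table changed")
    return findings


def read_first_sector(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Assumed live-collection helper: needs an elevated prompt on Windows; not used by the test data."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0xDEADBEEF) -> bytes:
    """Constructed sector: given boot code, one bootable type-0x07 partition starting at LBA 2048."""
    boot = boot_code.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * 48          # three unused entries
    return boot + struct.pack("<I", disk_sig) + b"\x00\x00" + table + MBR_SIGNATURE


# Constructed baseline: a jmp + nop-sled stub standing in for a known-good boot loader.
CLEAN_MBR = build_sample_mbr(b"\xEB\x3C\x90" + b"\x90" * 437)
# Constructed "after" sector: the first bytes of the boot code overwritten, as an MBR write would do.
TAMPERED_MBR = b"\xEB\x00\xB8\x00\x00" + CLEAN_MBR[5:]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, compare_mbr(CLEAN_MBR, sector) or ["no change"])
```

On a real case, `baseline` is the sector captured from a gold image (or from the host before detonation) and `current` comes from `read_first_sector()` on the suspect machine; any non-empty finding list is reason to treat the disk as needing a boot-record rebuild rather than just a malware removal.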