Analysis
-
max time kernel
25s
-
max time network
92s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220414-en
-
submitted
24-05-2022 12:43
Static task
static1
Behavioral task
behavioral1
Sample
00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
Resource
win10v2004-20220414-en
General
-
Target
00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
-
Size
327KB
-
MD5
06a103d618a6f462e83542c0485e4891
-
SHA1
87d8f56d5b1c15713ad386e27491b5d36314f40f
-
SHA256
00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe
-
SHA512
769d30464dfdb92c812fcade061d3a9b01d6b24c3d5de0265687043da2fc130c8bed2c72bc8d4a1482b35545b937f48b9b9c7fdfda0292a04eecaec6973a342d
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
description ioc process
File opened (read-only) \??\n: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\z: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\j: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\m: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\q: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\r: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\s: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\y: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\e: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\o: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\t: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\v: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\w: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\g: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\k: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\i: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\l: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\p: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\u: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\x: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\f: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only) \??\h: 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
description ioc process
File opened for modification \??\PhysicalDrive0 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe