00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe

General

Target

00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
Size

327KB
MD5

06a103d618a6f462e83542c0485e4891
SHA1

87d8f56d5b1c15713ad386e27491b5d36314f40f
SHA256

00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe
SHA512

769d30464dfdb92c812fcade061d3a9b01d6b24c3d5de0265687043da2fc130c8bed2c72bc8d4a1482b35545b937f48b9b9c7fdfda0292a04eecaec6973a342d

Score

6^/10

bootkit persistence

Malware Config

Signatures

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe

description	ioc	process
File opened (read-only)	\??\n:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\z:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\j:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\m:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\q:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\r:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\s:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\y:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\e:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\o:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\t:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\v:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\w:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\g:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\k:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\i:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\l:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\p:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\u:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\x:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\f:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
File opened (read-only)	\??\h:	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe

description ioc process

File opened for modification \??\PhysicalDrive0 00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe

C:\Users\Admin\AppData\Local\Temp\00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe
"C:\Users\Admin\AppData\Local\Temp\00b3d2418be2096b065c190a7f1ca3001176693a52f79153a8a2d42369dffebe.exe"
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
PID:2564