Analysis
- max time kernel: 3s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 24-05-2022 13:19
Static task: static1
Behavioral task: behavioral1
- Sample: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
- Resource: win10v2004-20220414-en
General
- Target: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
- Size: 341KB
- MD5: 1189dde8307b5d23ffb26c59ac8508d9
- SHA1: 99d1f1f837a05bb70b0c0577f6dd618999f4d7c4
- SHA256: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352
- SHA512: bd53d3500560fbf83754f3c5150f0287262e51417b51cd5d120792904f1ca2b21a392c90db199572ff12618791c6aeaa4e8b992d4a781d54c8d2618718770abb
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 22 IoCs)
Attempts to read the root path of hard drives other than the default C: drive. The sample opens every drive root from E: through Z: with a read-only handle, in the order listed below, which is the pattern of a probe for mounted volumes rather than access to one specific known drive.
Processes: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
description: File opened (read-only), 22 entries, all by process 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
ioc: \??\g: \??\k: \??\m: \??\f: \??\o: \??\p: \??\t: \??\y: \??\h: \??\i: \??\n: \??\q: \??\r: \??\v: \??\w: \??\x: \??\e: \??\j: \??\l: \??\s: \??\u: \??\z:
- Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system. The evidence recorded here is a write-capable handle on the raw disk device \??\PhysicalDrive0, which is what this signature keys on; the report does not show the bytes written. To confirm an actual MBR overwrite, dump sector 0 of the disk from the post-detonation image and compare it with a known-good copy (boot code, disk signature, partition table and the 0x55AA boot signature).
Processes: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
description: File opened for modification | ioc: \??\PhysicalDrive0 | process: 00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe
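The following is an example added by the editor, not the sandbox's own rule code. It re-applies the two signatures above (drive-root enumeration and a write-open on a physical drive device) to a list of file-open events built to mirror the report's IoC table, and then does the follow-up check an analyst wants after a PhysicalDrive0 write-open: parse a 512-byte sector-0 image and report which regions differ from a known-good copy. The matching rules, the event tuples and the sample MBR image are all constructed here and are assumptions, not the sandbox's actual implementation.

```python
"""Re-apply the report's two behavioural signatures to file-open events and
parse/diff a sector-0 image after a PhysicalDrive0 write-open is flagged.

Example code added by the editor; the heuristics are reconstructed from the
signature descriptions in the report, not taken from the sandbox's rule set.
EVENTS is constructed to mirror the report's IoC table.
"""
import hashlib
import re
import struct

SAMPLE = "00932e966d2894b0d6a66ba61b253e1e60508fa3c2a97ca42235237275eae352.exe"

# Constructed events in the report's column order: (description, ioc, process).
# Drive letters appear in the order the report lists them.
EVENTS = [("File opened (read-only)", "\\??\\%s:" % c, SAMPLE) for c in "gkmfoptyhinqrvwxejlsuz"]
EVENTS.append(("File opened for modification", "\\??\\PhysicalDrive0", SAMPLE))
# An ordinary file open under the system drive: must not count as a drive-root probe.
EVENTS.append(("File opened (read-only)", "\\??\\c:\\Windows\\System32\\kernel32.dll", SAMPLE))

DRIVE_ROOT = re.compile(r"^\\\?\?\\([a-z]):$", re.IGNORECASE)              # \??\x:  (bare root only)
PHYSICAL_DRIVE = re.compile(r"^\\\?\?\\PhysicalDrive\d+$", re.IGNORECASE)  # raw disk device object


def enumerated_drives(events, system_drive="C"):
    """Drive letters whose bare root path was opened, excluding the system drive."""
    letters = set()
    for _desc, ioc, _proc in events:
        m = DRIVE_ROOT.match(ioc)
        if m and m.group(1).upper() != system_drive.upper():
            letters.add(m.group(1).upper())
    return sorted(letters)


def raw_disk_write_opens(events):
    """Raw physical-disk device paths that were opened with write access."""
    return [ioc for desc, ioc, _proc in events
            if PHYSICAL_DRIVE.match(ioc) and "modification" in desc]


def triage(events):
    """Signature name -> IoC count, in the report's own terms."""
    hits = {}
    drives = enumerated_drives(events)
    if drives:
        hits["Enumerates connected drives"] = len(drives)
    raw = raw_disk_write_opens(events)
    if raw:
        hits["Writes to the Master Boot Record (MBR)"] = len(raw)
    return hits


def parse_mbr(sector0):
    """Parse a 512-byte MBR image: boot-code hash, partition entries, 0x55AA check."""
    if len(sector0) != 512:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * i)
        if ptype:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_signature_ok": sector0[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector0[:440]).hexdigest(),
            "partitions": partitions}


MBR_REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 446),
               "partition_table": (446, 510), "boot_signature": (510, 512)}


def mbr_diff(known_good, suspect):
    """Names of the sector-0 regions that differ between two 512-byte images."""
    return [name for name, (a, b) in MBR_REGIONS.items() if known_good[a:b] != suspect[a:b]]


def build_sample_mbr():
    """Constructed known-good sector 0: one bootable NTFS partition starting at LBA 2048."""
    head = bytes(440) + b"\x12\x34\x56\x78" + b"\x00\x00"   # boot code, disk signature, reserved
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return head + entry + bytes(16 * 3) + b"\x55\xaa"


if __name__ == "__main__":
    print(triage(EVENTS))
    good = build_sample_mbr()
    tampered = b"\xeb\xfe" + good[2:]   # bootkit-style overwrite of the first boot-code bytes
    print(parse_mbr(good)["partitions"], mbr_diff(good, tampered))
```

On a real case, `known_good` is sector 0 read from the clean VM snapshot and `suspect` is sector 0 read from the disk image after detonation; `mbr_diff` tells you whether the write-open changed the boot code, the partition table, or nothing at all, which is the distinction the signature alone cannot make.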
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/1368-54-0x0000000076171000-0x0000000076173000-memory.dmp (8KB)