Analysis
max time kernel: 36s
max time network: 41s
platform: windows7_x64
resource: win7-20220414-en
submitted: 24-05-2022 16:06
Static task: static1
Behavioral task: behavioral1
Sample: daa617feb892ad4f794401b91e0b0f6e09522b7eeec94504844da313f6ccf042.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: daa617feb892ad4f794401b91e0b0f6e09522b7eeec94504844da313f6ccf042.exe
Resource: win10v2004-20220414-en
General
Target: daa617feb892ad4f794401b91e0b0f6e09522b7eeec94504844da313f6ccf042.exe
Size: 956KB
MD5: f79132562e29883e95fe358912d747bd
SHA1: 8c7044ca6cd59e051cc7ac21b54a697dd9b503a6
SHA256: daa617feb892ad4f794401b91e0b0f6e09522b7eeec94504844da313f6ccf042
SHA512: dd7ed92834e6b16ce7af6384a4d467716ef57f122d5d5d7db1bd5d087aab29dd0063edcd83308f81866d062232f53760ca51990e211933d27bcf2fff66f52515
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral1/memory/2000-55-0x0000000010000000-0x000000001000B000-memory.dmp | upx
behavioral1/memory/2000-56-0x0000000010000000-0x000000001000B000-memory.dmp | upx
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
daa617feb892ad4f794401b91e0b0f6e09522b7eeec94504844da313f6ccf042.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | daa617feb892ad4f794401b91e0b0f6e09522b7eeec94504844da313f6ccf042.exe