fea935d2d0fb1abadb900f009b4c40bb8a91fd9e25cc76ed4f9dae08960566d5 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
25-05-2022 22:05

Sharing

Report Analysis Logs

General

Target

max.exe
Size

647KB
MD5

bc7fc83ce9762eb97dc28ed1b79a0a10
SHA1

54df8f078ea7d43b25daea54e4f0a30da530289e
SHA256

fea935d2d0fb1abadb900f009b4c40bb8a91fd9e25cc76ed4f9dae08960566d5
SHA512

3b83de962fe1eae9362e659bd5efa61598da94983d0889e0859fd3488444e4d75ad295dc8089ef1ff37db0ce0bc3a2cb1e42f7e038d7b7d907d63e1633541ff2

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

max.exe

description ioc process

File opened for modification \??\PhysicalDrive0 max.exe

C:\Users\Admin\AppData\Local\Temp\max.exe
"C:\Users\Admin\AppData\Local\Temp\max.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:872

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/872-54-0x00000000002F0000-0x0000000000350000-memory.dmp

Filesize
384KB

Download
memory/872-55-0x0000000003190000-0x0000000003193000-memory.dmp

Filesize
12KB

Download