2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3 | Triage

Analysis

max time kernel
91s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-05-2022 23:45

Sharing

Report Analysis Logs

General

Target

2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3.exe
Size

611KB
MD5

1e2d2591e1412560c17b1aa921513da5
SHA1

4db18f7093dbca03ed4d7eece56567dd996a3ea8
SHA256

2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3
SHA512

d9ab70b0dfcc7d3214d14f0ea45768439966b7b4d6c7c28ed5ef16ebae78382fcaac4c44ecd3046fe055b51b3e56a143fd3e2328cef643cf78b033fe86227095

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3.exe

C:\Users\Admin\AppData\Local\Temp\2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3.exe
"C:\Users\Admin\AppData\Local\Temp\2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3280-130-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/3280-131-0x00000000007E2000-0x0000000000843000-memory.dmp

Filesize
388KB

Download
memory/3280-132-0x0000000002170000-0x00000000021DB000-memory.dmp

Filesize
428KB

Download
memory/3280-133-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download