2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3 | Triage

Analysis

max time kernel
136s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-05-2022 23:51

Sharing

Report Analysis Logs

General

Target

1e2d2591e1412560c17b1aa921513da5.exe
Size

611KB
MD5

1e2d2591e1412560c17b1aa921513da5
SHA1

4db18f7093dbca03ed4d7eece56567dd996a3ea8
SHA256

2d1ce8037528ca32f3155729c0096ee9508a2df376f465a027a6c6dfba29bbd3
SHA512

d9ab70b0dfcc7d3214d14f0ea45768439966b7b4d6c7c28ed5ef16ebae78382fcaac4c44ecd3046fe055b51b3e56a143fd3e2328cef643cf78b033fe86227095

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

1e2d2591e1412560c17b1aa921513da5.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 1e2d2591e1412560c17b1aa921513da5.exe

C:\Users\Admin\AppData\Local\Temp\1e2d2591e1412560c17b1aa921513da5.exe
"C:\Users\Admin\AppData\Local\Temp\1e2d2591e1412560c17b1aa921513da5.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:4868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2476-130-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/2476-131-0x0000000000542000-0x00000000005A3000-memory.dmp

Filesize
388KB

Download
memory/2476-132-0x0000000000760000-0x00000000007CB000-memory.dmp

Filesize
428KB

Download
memory/2476-133-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download