be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a | Triage

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
26-05-2022 21:54

Sharing

Report Analysis Logs

General

Target

be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a.exe
Size

535KB
MD5

d5f13a08f9a3f674a4f11b7dc73684d0
SHA1

b79501febface8efcd1c81e381923aac4d881a56
SHA256

be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a
SHA512

66bedf8a803efdf3f1b88819ea3e712260fad36dab6ddf75e1f4b9495ae1410e8a85bcfb85874e00e2f49f9803c1b0b30e6d5be67e651645a5ca1183086be7d9

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a.exe

C:\Users\Admin\AppData\Local\Temp\be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a.exe
"C:\Users\Admin\AppData\Local\Temp\be88fd4614a634205229448e2931d13d1690f8484e7e81c13ebb5173b0cc7b1a.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2288-130-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2288-131-0x000000000074E000-0x00000000007AE000-memory.dmp

Filesize
384KB

Download
memory/2288-132-0x00000000021D0000-0x000000000223B000-memory.dmp

Filesize
428KB

Download
memory/2288-133-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download