1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c | Triage

Analysis

max time kernel
52s
max time network
73s
platform
windows10_x64
resource
win10-20220414-en
submitted
26-05-2022 05:15

Sharing

Report Analysis Logs

General

Target

1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c.exe
Size

627KB
MD5

c7419936f5da5ecaea2f788259db122b
SHA1

ba6951d1840adabcb43928ef1ac88147b4c440d7
SHA256

1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c
SHA512

3b41242c33b3de103cecc723b05df840ae9fd2b2f97f1290bae79ccebe6714707823b93d2d06d23327b535dee8987a764ad778dcd7307a737d933e0c468341e0

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c.exe

C:\Users\Admin\AppData\Local\Temp\1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c.exe
"C:\Users\Admin\AppData\Local\Temp\1de7c5e6b6005acbc13e4d31cf0d0ac0f5b1e85125e340594467028861e97f5c.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-117-0x0000000000400000-0x0000000000966000-memory.dmp

Filesize
5.4MB

Download
memory/1184-118-0x0000000000A70000-0x0000000000BBA000-memory.dmp

Filesize
1.3MB

Download
memory/1184-119-0x00000000025B0000-0x000000000261B000-memory.dmp

Filesize
428KB

Download
memory/1184-120-0x0000000000400000-0x0000000000966000-memory.dmp

Filesize
5.4MB

Download