74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b

Analysis

max time kernel
54s
max time network
146s
platform
windows10_x64
resource
win10-20220414-en
submitted
27-05-2022 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b.exe
Size

625KB
MD5

058021d2ced25aa7acaf9859aba0c148
SHA1

d8927443a160a81c7091830867dabb32239df995
SHA256

74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b
SHA512

ed2f2c325f36c65473482340f1e69cb6266d1c856c2407b45c6291b44a2c44c33aac7a421056ccf8f63fde78b8e517f18ebfc717af582ebc06a9470fdb3cf9b4

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b.exe

description	ioc	process
File opened for modification	\??\PHYSICALDRIVE0	74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b.exe

C:\Users\Admin\AppData\Local\Temp\74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b.exe
"C:\Users\Admin\AppData\Local\Temp\74bb78354743cf5af1e40fa33e4afd693ddd6e202251e4f7e35bb5161100ba2b.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-117-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-118-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-119-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-120-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-121-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-122-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-123-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-124-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-125-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-126-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-127-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-128-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-129-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-130-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-131-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-132-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-133-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-134-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-135-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-136-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-137-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-138-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-139-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-140-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-141-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-142-0x0000000000C67000-0x0000000000CC7000-memory.dmp

Filesize
384KB

Download
memory/1808-144-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-143-0x0000000000AD0000-0x0000000000B3B000-memory.dmp

Filesize
428KB

Download
memory/1808-146-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-145-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-147-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-148-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-149-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-150-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-151-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-152-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-153-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-154-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-155-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-156-0x0000000000400000-0x0000000000965000-memory.dmp

Filesize
5.4MB

Download
memory/1808-157-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-158-0x0000000077B50000-0x0000000077CDE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads