Overview

overview

10

Static

static

10

TrashMalwa...in.exe

windows10-2004-x64

8

TrashMalwa...er.exe

windows10-2004-x64

8

TrashMalwa...nk.exe

windows10-2004-x64

8

TrashMalwa...oN.bat

windows10-2004-x64

8

TrashMalwa...zz.exe

windows10-2004-x64

6

TrashMalwa...de.exe

windows10-2004-x64

8

TrashMalwa...20.exe

windows10-2004-x64

7

TrashMalwa...ll.exe

windows10-2004-x64

8

TrashMalwa...le.exe

windows10-2004-x64

8

TrashMalwa...oe.bat

windows10-2004-x64

TrashMalwa....0.exe

windows10-2004-x64

7

TrashMalwa....0.exe

windows10-2004-x64

8

TrashMalwa....0.exe

windows10-2004-x64

8

TrashMalwa...ic.exe

windows10-2004-x64

6

TrashMalwa...OD.exe

windows10-2004-x64

10

TrashMalwa...um.exe

windows10-2004-x64

6

TrashMalwa...er.exe

windows10-2004-x64

8

TrashMalwa...MZ.exe

windows10-2004-x64

1

TrashMalwa...ch.exe

windows10-2004-x64

8

TrashMalwa....5.exe

windows10-2004-x64

8

TrashMalwa...ol.exe

windows10-2004-x64

8

TrashMalwa...hm.exe

windows10-2004-x64

10

TrashMalwa...10.exe

windows10-2004-x64

7

TrashMalwa...V6.exe

windows10-2004-x64

7

TrashMalwa.../x.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2022 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TrashMalwares-main/Fizz.exe

  • Size

    92KB

  • MD5

    9819bbffcb5a080decc8a82287c5b0e0

  • SHA1

    14141500777c63f0578711c0027f28376217e504

  • SHA256

    a1f6a55809b069d0c1895b2f6f5ef5a625cbb79a266b95f6c0fb6ac638ce33a8

  • SHA512

    e495367e2be9049aa347fff94dd8f5046d9696e894434d081965ca9c6dc956977f63b11bed146ba3e43765b57dc2f820d25d2f4338f54f60885ea367d3bd9088

  • SSDEEP

    1536:AHX12ic/eMRXdFsf3B3HR8STDBVog8S81/Lxbj3V7mTEyqp5aOsWPcdxhrHhNTeQ:AIi1mSfxtBVog8S81/+qp5cxh9NTe3

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Fizz.exe
    "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Fizz.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4812
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2f4 0x308
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1176

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads