dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7 | Triage

Submit
Reports

Overview

overview

8

Static

static

dd63745d03...b7.exe

windows7-x64

8

dd63745d03...b7.exe

windows10-2004-x64

8

Sharing

General

Target

dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7
Size

1.1MB
Sample

221002-2vgnmsfehr
MD5

63262d885b2d4bfd0418721df73dbb30
SHA1

55025d3677a63e50000e3ffbb98bfabf8c73b4ba
SHA256

dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7
SHA512

2d43c3bb56102ebd07563d14b6c41f9101585e7519b190fe5ef50e9c7571fc56f7e3e43d77958ad944eb976976976406f71df6abf4165a039117c4db0e0c9293
SSDEEP

24576:ujmzp9dKb9R3n9Owg+3P5WV3CVZ9glt6Uqk5Dyw+m4eFAUWss0l:ujmVTSy+3PcV3K9qt6NkWJeFA3sh

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7.exe

Resource

win7-20220812-en

bootkit discovery persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7.exe

Resource

win10v2004-20220812-en

bootkit discovery persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7
- Size
  
  1.1MB
- MD5
  
  63262d885b2d4bfd0418721df73dbb30
- SHA1
  
  55025d3677a63e50000e3ffbb98bfabf8c73b4ba
- SHA256
  
  dd63745d035a31e8ff92c9879560cd131f5eb809ff8bcaf4d52342d5ad7168b7
- SHA512
  
  2d43c3bb56102ebd07563d14b6c41f9101585e7519b190fe5ef50e9c7571fc56f7e3e43d77958ad944eb976976976406f71df6abf4165a039117c4db0e0c9293
- SSDEEP
  
  24576:ujmzp9dKb9R3n9Owg+3P5WV3CVZ9glt6Uqk5Dyw+m4eFAUWss0l:ujmVTSy+3PcV3K9qt6NkWJeFA3sh
Score

8^/10

bootkit discovery persistence
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy