Overview

overview

6

Static

static

c8c1107155...82.exe

windows7-x64

6

c8c1107155...82.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    35s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 18:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8c11071552ee2af65568211176458242ba6d49a440b288f23cad99aea39f482.exe

  • Size

    294KB

  • MD5

    0be9f172083c2bfd77e333942ba2c374

  • SHA1

    c101c585eb22350d003129942f742c8665fb1c90

  • SHA256

    c8c11071552ee2af65568211176458242ba6d49a440b288f23cad99aea39f482

  • SHA512

    5aca9ec0532807136dbb2d9939f4dbde2dc8b83464c62b1da3f87e96482eea3383a7bc51543f943958b3d856c01a35003378b3d113c59ad717861843b6383228

  • SSDEEP

    6144:jn73VoVj14cs1MHHYwuBk4TyQOI5JgpcvqNplcnnM4A:rrVo9VMHT0Iw5pyA

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8c11071552ee2af65568211176458242ba6d49a440b288f23cad99aea39f482.exe
    "C:\Users\Admin\AppData\Local\Temp\c8c11071552ee2af65568211176458242ba6d49a440b288f23cad99aea39f482.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetThreadContext
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Users\Admin\AppData\Local\Temp\c8c11071552ee2af65568211176458242ba6d49a440b288f23cad99aea39f482.exe
      C:\Users\Admin\AppData\Local\Temp\c8c11071552ee2af65568211176458242ba6d49a440b288f23cad99aea39f482.exe
      2⤵
        PID:1992

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/900-54-0x0000000000400000-0x00000000004C1000-memory.dmp

      Filesize

      772KB

      Download

    • memory/900-60-0x0000000000400000-0x00000000004C1000-memory.dmp

      Filesize

      772KB

      Download

    • memory/1992-57-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1992-61-0x0000000000400000-0x0000000000408960-memory.dmp

      Filesize

      34KB

      Download

    • memory/1992-62-0x0000000076071000-0x0000000076073000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1992-63-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download