dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5 | Triage

Submit
Reports

Overview

overview

Static

static

8

dc20b38fa5...d5.exe

windows7-x64

dc20b38fa5...d5.exe

windows10-2004-x64

Sharing

General

Target

dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5
Size

739KB
Sample

221123-vqbs9scf2v
MD5

15d3258e0a610cd824b1f51d9297d640
SHA1

478065a1b38bab5785d8ed5e531ef399bc2633a8
SHA256

dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5
SHA512

59c1e735e66392accef8d89dcb81d4e9960027c6820ed9e0c848d749738d650e998ab6939520c0df713f7026acf2afa7cabac128fcd98ce4b868c39edc60f1d9
SSDEEP

12288:DSYr8EeBHl8irqPEWGwfz/NQt0lmmFRxRIMmSN3FUoAjc:Dn7kFLrqV7z7m2RxRIMmC3Cc

Score

10^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5.exe

Resource

win7-20221111-en

bootkit persistence upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5.exe

Resource

win10v2004-20220812-en

bootkit persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5
- Size
  
  739KB
- MD5
  
  15d3258e0a610cd824b1f51d9297d640
- SHA1
  
  478065a1b38bab5785d8ed5e531ef399bc2633a8
- SHA256
  
  dc20b38fa55aa52580125dab374b46217136a532c805d7aefcfdbce14d3dfad5
- SHA512
  
  59c1e735e66392accef8d89dcb81d4e9960027c6820ed9e0c848d749738d650e998ab6939520c0df713f7026acf2afa7cabac128fcd98ce4b868c39edc60f1d9
- SSDEEP
  
  12288:DSYr8EeBHl8irqPEWGwfz/NQt0lmmFRxRIMmSN3FUoAjc:Dn7kFLrqV7z7m2RxRIMmC3Cc
Score

10^/10

bootkit persistence upx
- Suspicious use of NtCreateProcessOtherParentProcess
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy