Analysis
-
max time kernel
94s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
24-11-2022 23:38
General
-
Target
765ef8ca3aa97396a6b352878d253c68abae8e7e4c89d5e91e42f2a96a09f54a.exe
-
Size
909KB
-
MD5
b14b690f25a098cced39527432d04559
-
SHA1
b078a1b5e1a87c0517c04c284b794f0f9d97e346
-
SHA256
765ef8ca3aa97396a6b352878d253c68abae8e7e4c89d5e91e42f2a96a09f54a
-
SHA512
30c67e2e5e9b874544e5b7814cf30b6076172dfa7efee6156baef6dc04ee4aec776e57521f95ed6b08ff3ce7e98e3564becda5e34902a032f473b69ada61c8ed
-
SSDEEP
24576:l8imo85ZO29LDd8L7lXGIghUz0fbr6gzc:qW2ogDdHuCn6gzc
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\765ef8ca3aa97396a6b352878d253c68abae8e7e4c89d5e91e42f2a96a09f54a.exe"C:\Users\Admin\AppData\Local\Temp\765ef8ca3aa97396a6b352878d253c68abae8e7e4c89d5e91e42f2a96a09f54a.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\765ef8ca3aa97396a6b352878d253c68abae8e7e4c89d5e91e42f2a96a09f54a.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 30003⤵
- Runs ping.exe