Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-11-2022 05:21

General

  • Target

    stonepollp77_jxl.exe

  • Size

    1.5MB

  • MD5

    01208d19840a8122c054dfedb65a9812

  • SHA1

    e969a40f52dc51d781ce56835d0944511adab159

  • SHA256

    b7ed40beb2fc7b523785905804869d193d53acdab7682a97f4a77d6572db187d

  • SHA512

    05ae3da560bdbda1f256ec13b6273c368421292d591a1c751983b3e19447779815ef738711d4d8e774d1755777a1615c3766d565048452bc47ef9706a8829f6a

  • SSDEEP

    24576:89AhZvV6h+Xmt1KvkYgQr6p+pq7v3mC5JvhSv9Q/DKC/Kr/tNWKkNXbpmgc/rMGI:8e1jgZ7vn5bc66LtjkNXggczMP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stonepollp77_jxl.exe
    "C:\Users\Admin\AppData\Local\Temp\stonepollp77_jxl.exe"
    (process tree depth 1)
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1060

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\AntiVC.dll

    Filesize

    232KB

    MD5

    8319c6405af5d25077f9924a21ae3dd5

    SHA1

    1bc6a7abfbe93632f286f92effc01fb6bf9a65f3

    SHA256

    4311e07792323dc276972151a609d4b2f3fd3fbb9504c486009ae0c7e6dde0fd

    SHA512

    0479b615157c63416ee914e4016d679e8d764b95ebc754011a41c53f936ec92f344e129621f55882d812a4c170e95812aef84190bd03baf9ed422c97a6cb7f61

  • memory/1060-54-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

    Filesize

    8KB