Overview

overview

9

Static

static

dbwmdjs_dtf.exe

windows7-x64

9

dbwmdjs_dtf.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    449s
  • max time network
    476s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbwmdjs_dtf.exe

  • Size

    2.4MB

  • MD5

    6513311f73feccd7f1b6475c17e5b531

  • SHA1

    7427ab5cba88979baaf42867828623a97e902455

  • SHA256

    de7c6857fecc81141b3aa01fd9a3f30e0ad63c8352a4265688fa1d74817fffba

  • SHA512

    23f6406e5f8d346e6938bf7f2a8e0f9b910071b5f9d44e1fa5a42787820322f4fa62c15d7a259941671754ba1c1a49b5ad79379419bc8d7943a9bb4ddef2bd99

  • SSDEEP

    49152:Ueixv5gjv451U21sZCg1ch16FRU1EzXIWWCG/RMj:cF2jv47UQoe+RUWbIHCG/R4

Score
9/10
bootkitpersistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbwmdjs_dtf.exe
    "C:\Users\Admin\AppData\Local\Temp\dbwmdjs_dtf.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4148

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AntiVC.dll
    Filesize

    54KB

    MD5

    0420f862d69bb050bb25fabebfbb8edb

    SHA1

    897d1843f247a4820bff176f151d5a08203afcb1

    SHA256

    d1632d3224740e37d4c243b6be8ecf5d5a7ccb41dff3f1f9886e36cbd2104a13

    SHA512

    b0f86ee3cf82e32e138a8e1da79a0596da6f179bbb9c3e6673d57766860085d776ee2c34d4107cbac0bd569f9f5d30ba24c8f19d4b146ea8b8b889e782a3631d

    Download Submit
  • memory/4148-133-0x0000000010000000-0x0000000010059000-memory.dmp
    Filesize

    356KB

    Download
  • memory/4148-134-0x0000000010000000-0x0000000010059000-memory.dmp
    Filesize

    356KB

    Download