Analysis
-
max time kernel
150s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
25-11-2022 11:52
General
-
Target
21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17.exe
-
Size
6.5MB
-
MD5
d652aa08893d8b839d51138915e89b59
-
SHA1
01ebef88b41abd70da8931ab76d277991f55ce25
-
SHA256
21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17
-
SHA512
365d230c49b4fa716fd6fb2f62d9c9251b5b1058aae13d8c701528071ae30051267b7c5898e5c226796c9d40c0ede390b4880d03136daa3fc487324582d9f1d3
-
SSDEEP
196608:iQ9w3ns9qy0LDPmhQmXAR3KaNDlrf/m7j4TZfEe:Pw32p0LjqQm6KmJ/m7j42
Malware Config
Signatures
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 5 IoCs
Detects executables packed with VMProtect commercial packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17.exe"C:\Users\Admin\AppData\Local\Temp\21c2c30c48d5b31c6c099bae2b05e7c70adfc14013c20aa70fb59d4c2467fa17.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1288-54-0x00000000752B1000-0x00000000752B3000-memory.dmpFilesize
8KB
-
memory/1288-55-0x0000000000400000-0x00000000011A0000-memory.dmpFilesize
13.6MB
-
memory/1288-57-0x0000000000400000-0x00000000011A0000-memory.dmpFilesize
13.6MB
-
memory/1288-59-0x0000000000400000-0x00000000011A0000-memory.dmpFilesize
13.6MB
-
memory/1288-58-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-61-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-60-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-63-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-65-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-69-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-67-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-71-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-73-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-75-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-85-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-83-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-81-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-91-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-89-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-95-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-93-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-87-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-79-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-77-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-101-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-99-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-97-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-102-0x0000000000380000-0x00000000003BE000-memory.dmpFilesize
248KB
-
memory/1288-103-0x0000000000400000-0x00000000011A0000-memory.dmpFilesize
13.6MB
-
memory/1288-104-0x0000000000400000-0x00000000011A0000-memory.dmpFilesize
13.6MB