2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1 | Triage

Submit
Reports

Overview

overview

8

Static

static

2992f67685...e1.exe

windows7-x64

8

2992f67685...e1.exe

windows10-2004-x64

8

Sharing

General

Target

2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1
Size

846KB
Sample

221127-t3kq9sbh92
MD5

7cfdc65f4feb349feb8e0024604e1313
SHA1

0acf2ee8a5cfe9d6f1dec5a0aed15bee45746527
SHA256

2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1
SHA512

34fa60c4625424658798c056a6a748d33f911895ef1fb4a743e0b9441afb27bb320e2cf38a0d9dac434b9d0eff0fccec5deebf38f1457593a6d708b7fe4ff90d
SSDEEP

24576:yws5IlKswgKNn0bVPi8zPsPy2Hhc+2w2fMQdxN:ydIF+0bM8z0JHu9b/

Score

8^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1.exe

Resource

win7-20220901-en

bootkit persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1.exe

Resource

win10v2004-20220812-en

bootkit persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1
- Size
  
  846KB
- MD5
  
  7cfdc65f4feb349feb8e0024604e1313
- SHA1
  
  0acf2ee8a5cfe9d6f1dec5a0aed15bee45746527
- SHA256
  
  2992f676851f6952a2d320102af62a190efb24a9a9946c1f777f69f389e5afe1
- SHA512
  
  34fa60c4625424658798c056a6a748d33f911895ef1fb4a743e0b9441afb27bb320e2cf38a0d9dac434b9d0eff0fccec5deebf38f1457593a6d708b7fe4ff90d
- SSDEEP
  
  24576:yws5IlKswgKNn0bVPi8zPsPy2Hhc+2w2fMQdxN:ydIF+0bM8z0JHu9b/
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy