14f3aa7a57e22c80435145fe40f6f52aa8f2680425bb48b79285bb98be187053 | Triage

Submit
Reports

Overview

overview

7

Static

static

e-ticket.scr

windows7-x64

7

e-ticket.scr

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

14f3aa7a57e22c80435145fe40f6f52aa8f2680425bb48b79285bb98be187053
Size

441KB
Sample

221128-b8hjzsah3y
MD5

db672defe60d504c340748c0d4ff099d
SHA1

7abdfd8b813fe512d7b15ab896fd0d543d84eb90
SHA256

14f3aa7a57e22c80435145fe40f6f52aa8f2680425bb48b79285bb98be187053
SHA512

4fbcb0235e27ba96018fd1a6ee66975a0db6ca91f3011f20f8a3c46ff2a8220221e42a98b1bf1e0496464800c6c6a04fc077d90ee9cc050d0f109d9b37a76ea4
SSDEEP

12288:Kk6NFWBKi84kufU39MXftbBCORdvktkv1LprQHJEZtbLwGqPsgKy4:ANovBkufbPtbBxstkv1LprPLdYsgd4

Score

7^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

e-ticket.scr

Resource

win7-20220812-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e-ticket.scr

Resource

win10v2004-20220812-en

bootkit persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e-ticket.scr
- Size
  
  610KB
- MD5
  
  aa11dfd8b7f848595d4252db8f31ca05
- SHA1
  
  dc333aac83e4d3586bdf030bc81ba51e96ac6499
- SHA256
  
  b685bb88cef526f9f7360d44455305603fbe15e9076f202877d9e6ba7628896c
- SHA512
  
  628bda240bfd73de4d6b268df462a85160f7b50f9cfd962f0d6fac0c67afa7bb42df6509649a8142e588c7316b84c41bc77d37677a696be64080545f265ecaa8
- SSDEEP
  
  12288:ZZ4DjeEs3opA/7QQ5BYLNLlNYp63xdusjHXNGxOFrZHU04B2BgL+:T4U/7QQPYd2ECsrXN+0mPDa
Score

7^/10

persistence bootkit
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy