e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
Size

3.6MB
MD5

fad1658fcca8cc6f8bf175f7a97df972
SHA1

1763b7b88ec330f101977192930058480cc6b6ae
SHA256

e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0
SHA512

bbccf9bacdd1d25e2817551310b425e16f5185e7702331c6cc8a6dcf967426d0c4eee9c0f0dd4fedb126221885578eb4be2b5d6d57d8e65a1acf89221424f36d
SSDEEP

98304:X+pDaYlIjefFggxzvwn5hmdeEi3MEatfPCjs+sC37/QMU:upDPXggx85LEi3MEEqjs+8

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

description ioc process

File opened for modification \??\PhysicalDrive0 e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

pid	process
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

pid	process
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
1104	e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe

C:\Users\Admin\AppData\Local\Temp\e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe
"C:\Users\Admin\AppData\Local\Temp\e5b84ca41fb3fad769a813ce66abe424c6995ede2450b57407d717e5f47830b0.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1104

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1104-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1104-55-0x0000000000400000-0x0000000000910000-memory.dmp

Filesize
5.1MB

Download
memory/1104-57-0x0000000076F30000-0x0000000076F77000-memory.dmp

Filesize
284KB

Download
memory/1104-464-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-465-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-466-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-468-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-467-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-470-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-469-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-471-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-472-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-474-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-473-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-475-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-476-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-480-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-481-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-482-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-484-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-485-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-486-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-487-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-483-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-479-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-478-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-477-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-488-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-489-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-490-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-491-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-492-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-494-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-493-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-496-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-495-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-497-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-498-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-499-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-500-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-505-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-506-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-504-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-507-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-503-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-509-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-510-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-512-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-513-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-516-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-517-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-518-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-519-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-522-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-521-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-524-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-525-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-523-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-520-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-515-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-514-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-511-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-508-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-502-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-501-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-1476-0x0000000002440000-0x0000000002540000-memory.dmp

Filesize
1024KB

Download
memory/1104-1478-0x0000000002580000-0x0000000002701000-memory.dmp

Filesize
1.5MB

Download
memory/1104-4359-0x0000000002440000-0x0000000002540000-memory.dmp

Filesize
1024KB

Download
memory/1104-4360-0x0000000002830000-0x0000000002941000-memory.dmp

Filesize
1.1MB

Download
memory/1104-4367-0x0000000000400000-0x0000000000910000-memory.dmp

Filesize
5.1MB

Download
memory/1104-4368-0x0000000002710000-0x0000000002811000-memory.dmp

Filesize
1.0MB

Download
memory/1104-4369-0x0000000000400000-0x0000000000910000-memory.dmp

Filesize
5.1MB

Download