9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed | Triage

Submit
Reports

Overview

overview

8

Static

static

1

9863810288...ed.exe

windows7-x64

8

9863810288...ed.exe

windows10-2004-x64

8

Sharing

General

Target

9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed
Size

596KB
Sample

221204-gb9vvsbb94
MD5

18ee5f00933f9f9d88b03b0434d51419
SHA1

65ec87ab6092870264427de586819495bb12b9dc
SHA256

9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed
SHA512

b01bbacdb60f52dcf28af7d3049de6d6bf7d44b5f3de167350ab32188dbccba5281451971d8fb512ec4c9ff1cb22742daa1f094b5af6e5580ae382972840c06b
SSDEEP

12288:t9T9h92AH0dOKrl7gGEvofiRz9QE+gd1m2UgMFA+l0IPIM:tV9hILcQgtJ/QEVgZr

Score

8^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed.exe

Resource

win7-20221111-en

bootkit discovery persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed.exe

Resource

win10v2004-20221111-en

bootkit discovery persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed
- Size
  
  596KB
- MD5
  
  18ee5f00933f9f9d88b03b0434d51419
- SHA1
  
  65ec87ab6092870264427de586819495bb12b9dc
- SHA256
  
  9863810288b859ab409fef7d079966b55391181194465c1242bd62c95de582ed
- SHA512
  
  b01bbacdb60f52dcf28af7d3049de6d6bf7d44b5f3de167350ab32188dbccba5281451971d8fb512ec4c9ff1cb22742daa1f094b5af6e5580ae382972840c06b
- SSDEEP
  
  12288:t9T9h92AH0dOKrl7gGEvofiRz9QE+gd1m2UgMFA+l0IPIM:tV9hILcQgtJ/QEVgZr
Score

8^/10

bootkit discovery persistence
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy