Analysis

  • max time kernel
    62s
  • max time network
    68s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-12-2022 01:31

General

  • Target
    bootdata.exe
  • Size
    8KB
  • MD5
    0a78174420568e5aff0b81ec0050deef
  • SHA1
    5acead5f8cd93ad5dbf7dd3044d82f1d937aab5f
  • SHA256
    8413c7496ca732666d112ca9d565560a8563b4a1614e8eeeeade360156604e0b
  • SHA512
    49a0a19d2fa3dd09d822fbb46c0bf8cb55c7a2a75a997b25949b5a343586a27c0fb2113718edcf7d32643e48df6554c5e4d3ba288dd459f1f0c8d649460834e8
  • SSDEEP
    192:EqK0Y1xMew6EjI6b08a7W2f5tgN1eo2Ypv:EqKwTk67a7W2I2Ypv

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 2 IoCs)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bootdata.exe
    "C:\Users\Admin\AppData\Local\Temp\bootdata.exe"
    • Writes to the Master Boot Record (MBR)
    PID:4060
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      PID:2044
    • C:\Users\Admin\AppData\Local\Temp\bootdata.exe
      "C:\Users\Admin\AppData\Local\Temp\bootdata.exe"
      • Writes to the Master Boot Record (MBR)
      PID:4756

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Bootkit, T1067 (1)


Downloads

  • memory/4060-135-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB
  • memory/4756-136-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB
  • memory/4756-137-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB