d0c55bd019a97e03f250b673a1c05938ea6a7090a20735f5b102a0cb7faed218

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0c55bd019a97e03f250b673a1c05938ea6a7090a20735f5b102a0cb7faed218.exe
Size

281KB
MD5

c0a49bfab7b2e6123ab8ad2cfcc763f2
SHA1

d2b995119dd5b7ac7ac702bfb23e6e6f3b3da4d2
SHA256

d0c55bd019a97e03f250b673a1c05938ea6a7090a20735f5b102a0cb7faed218
SHA512

a8bb3ee8c46f71778547b5d24948235b0426b29a23cd23769a23f658ceb1edf55679dfbe87a2638b59018340c4a37d9905b366c1e7651500b138fc00d90a8a29
SSDEEP

6144:8QNobn63m2lLTTTMEDpjFjYAYnMpn5Cfs1B29XKwai+Vi+AZIV:zWbumoLHAapjFjYLucfiUKw67

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	d0c55bd019a97e03f250b673a1c05938ea6a7090a20735f5b102a0cb7faed218.exe

C:\Users\Admin\AppData\Local\Temp\d0c55bd019a97e03f250b673a1c05938ea6a7090a20735f5b102a0cb7faed218.exe
"C:\Users\Admin\AppData\Local\Temp\d0c55bd019a97e03f250b673a1c05938ea6a7090a20735f5b102a0cb7faed218.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3368-132-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/3368-133-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-188-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-190-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-194-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-203-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-318-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-450-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-454-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-462-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-465-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-468-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-471-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-616-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-625-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-627-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-634-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-646-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-806-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-820-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-824-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-828-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-940-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1071-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1155-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1156-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1157-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1158-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1159-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1160-0x0000000002F80000-0x000000000302A000-memory.dmp

Filesize
680KB

Download
memory/3368-1161-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download