283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

Analysis

max time kernel
24s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2023 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hydrogen.exe
Size

128KB
MD5

efdd98ae7ba8aa1a457d6938d554e5bb
SHA1

5adc3d12792396b569bf024676636262bcd9c7ff
SHA256

283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0
SHA512

6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9
SSDEEP

3072:la0U9iSEZV1E2gK90lzIvJx1h9xgfHVpSIzM8ya9icI:lasSEZPEgGOFh9xgKIo

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	hydrogen.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2220	hydrogen.exe

C:\Users\Admin\AppData\Local\Temp\hydrogen.exe
"C:\Users\Admin\AppData\Local\Temp\hydrogen.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:2220

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads