Overview

overview

7

Static

static

7

af60bbdd48...74.exe

windows7-x64

6

af60bbdd48...74.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-02-2023 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af60bbdd48bc29c860fd9b69bb9a84a497320c0209a47cb470698e3f3bfa6574.exe

  • Size

    1.0MB

  • MD5

    9a1c42301e0c89e0f3966830aae9db0b

  • SHA1

    88b7a78444710b4f77884d6002dfc227e3c15cf4

  • SHA256

    af60bbdd48bc29c860fd9b69bb9a84a497320c0209a47cb470698e3f3bfa6574

  • SHA512

    838a4096a8333a19cf7a74febd373c786871ab580692a10a429e76a06a6818899228bfa233612628b30f9b1f36b245afae5028d9b26990536a36240c6678ca28

  • SSDEEP

    24576:+jR9uAcA1of1RHufOqa/W77t9yo5/ST0XN2kFStzb:+jTMA1WRHFqau3/5+0XN2kFe

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\af60bbdd48bc29c860fd9b69bb9a84a497320c0209a47cb470698e3f3bfa6574.exe
    "C:\Users\Admin\AppData\Local\Temp\af60bbdd48bc29c860fd9b69bb9a84a497320c0209a47cb470698e3f3bfa6574.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:824

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\!Setup.txt
    Filesize

    46B

    MD5

    d590fe3a8aa92f7559f53976449f5f08

    SHA1

    4ceb06c6b16a2247344a9d0764c4cbf1e806fb3b

    SHA256

    dbcc3fc2c3d5e35ae8bb48cd5c4b442f0bfcbc46b9d082369963a3b289fb99dd

    SHA512

    52e6367a7d73bcc67927cfc44f4311e1a5b1e7a3e5e0ce5410db59fbb35fb13508889fc31316f711b74fc48e33214416e873d06b29080a1dafc131fa231a02cc

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\!Setup.txt
    Filesize

    11KB

    MD5

    745cf4147a01c43a7e662de9f89ff47b

    SHA1

    5736abce0e156aa3894f9a91aa9c8c509e994afb

    SHA256

    e705bff8c83c09163220803d0dea42c5e22ab26b27a9f6c4831a4cbbe63db73a

    SHA512

    445c4f74d4f3019053e0e08211d752a965b811c2b10ca73c785967b85461aabd95bde8112cdc931423d94432d57d2d421aa0ee6ceddfa86ab175d6cb585b4129

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\!Setup.txt
    Filesize

    31KB

    MD5

    307aa31ee4eff3f27208ed73c6d6ab90

    SHA1

    bf7c9facf1111f2372331519d4f83245442a9307

    SHA256

    cf39ca99318dbb194b631c73f454ec0eb3f2c290bf1eae9db5f777a7c360f6ff

    SHA512

    0ce449b46da2f57f405f1da8540255349f48d02f224b850f3dd104355c77eb14b1f6c95cd345d7f56f860bb095700e1692c8303b585a598ac58d51d5136f1e0c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Command.ini
    Filesize

    5KB

    MD5

    5571e8bfa2dc900ae975d2729c3e5775

    SHA1

    a22308f04e136af5f6414210d2bd0a8a071607e1

    SHA256

    b8041319bf3321a4d8e1eda108a5ac1fc0848e18c1e0c2e73fd43349a1121f07

    SHA512

    178218e1c98391f49e356bb5296d328ae78acdad8fd7cda1c18f5e781e77d1de629b7ab2461e7fabcb099ce4bab895244576fee1689bae6f570263a8fe50db7f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Command.ini
    Filesize

    6KB

    MD5

    995b8a5fd46f50a5a9ac3151e4104aab

    SHA1

    beb7338e55e6caa5ab3c03b540d12544e176e0be

    SHA256

    f99900aa9bfb56964da7bc6b40c26eeff7a300e233b302ef1d05c724714b0ab2

    SHA512

    f523c61ad4b4597c66838a5c53334e8223a997687f86b0e8b8253854dfe06bffb0a0feb0662f76690692613971b609b41fb3d1915cecec8f115b8e642137e651

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Command.ini
    Filesize

    1KB

    MD5

    d95bb49a38797691b03e19d234231f7e

    SHA1

    3479028002875613af5f9d01b00b485ad3c9b928

    SHA256

    e7dd273af6add9a7dc24f296ccff1c8317582599bcafe7f001d25471ed76bb55

    SHA512

    de690c2aaaef4686d079fb4813cb74bf6f4c0654bc128882a9b315713b2aac9ae98571a2e8274fdafa48122018ad48e48f3b2e55892755dad70998cd3efa8bbf

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Command.ini
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Exps.ini
    Filesize

    3KB

    MD5

    6bc053231a87210c2908a870b0fe144b

    SHA1

    956f6355f4e09992fc4f07ba25a3fa7ac13024d1

    SHA256

    b8720adbfbae359428cdfedcf9b00e1c4e043622c9bd4763430a077ea44b87dd

    SHA512

    d328c76bcf2b4ad6d6db2e814881a1d2b03fa081357593a5550afc10a96b59e88451ef87590469d15490a1a5c27ebec93977a1341fedc469c2f53875c419de2f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Exps.ini
    Filesize

    3KB

    MD5

    6bc053231a87210c2908a870b0fe144b

    SHA1

    956f6355f4e09992fc4f07ba25a3fa7ac13024d1

    SHA256

    b8720adbfbae359428cdfedcf9b00e1c4e043622c9bd4763430a077ea44b87dd

    SHA512

    d328c76bcf2b4ad6d6db2e814881a1d2b03fa081357593a5550afc10a96b59e88451ef87590469d15490a1a5c27ebec93977a1341fedc469c2f53875c419de2f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Exps.ini
    Filesize

    4KB

    MD5

    72499770dea53d3ca0558bb6c82d026d

    SHA1

    e610129c95487f6915cdb52d592e2981deacebda

    SHA256

    b60e8b601e184806273bd5ddeec8426409365e6e410c6543c4a79d8a75831172

    SHA512

    f83ac4e387d7d7aeedb9b3543f7b569c642702102ab423e8eb58e91e709f9dce358cfcfb399fe74c7056d5331dc5f6975785df54707014118cbe4df36111b94f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\String.ini
    Filesize

    1KB

    MD5

    b489d6f05fd68dccdcf426d7c1823dd3

    SHA1

    36763c7c1798c8d44ab2ab6199a0e3bdb6a9e360

    SHA256

    2d5185c4ac46a2606152058bbd67685757c68f70071a25c19d395e9dff69f78a

    SHA512

    b8dde8185177d0062922f21484dd9f027769771df1389670911f53349392ee84ec4eb31327177b11043f2a7d5a8ba21f70c384372379ee81197343dc2449d419

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\String.ini
    Filesize

    4KB

    MD5

    de3fbd9ef4636307a529a35e53db707e

    SHA1

    317540044b3f0c11a6eada7023482dc2ef5f2eaf

    SHA256

    355e5cdd1fd6e6319c600dd81f0c068b311f9e04fa50e3b1f3d9721d03a51785

    SHA512

    2ab5584787db70f93549e6ea36d954073c4627832416ce7ab0135b68b1ed4f224e209aba0996e250daba3b9681347721e44338b18391c14e736508d723571ad1

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\String.ini
    Filesize

    1KB

    MD5

    b489d6f05fd68dccdcf426d7c1823dd3

    SHA1

    36763c7c1798c8d44ab2ab6199a0e3bdb6a9e360

    SHA256

    2d5185c4ac46a2606152058bbd67685757c68f70071a25c19d395e9dff69f78a

    SHA512

    b8dde8185177d0062922f21484dd9f027769771df1389670911f53349392ee84ec4eb31327177b11043f2a7d5a8ba21f70c384372379ee81197343dc2449d419

    Download Submit
  • memory/824-8797-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8821-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8747-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8759-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8760-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/824-8772-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8784-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-2971-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/824-8809-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-1340-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8833-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8845-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8857-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8869-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8881-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8893-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download
  • memory/824-8905-0x0000000000400000-0x000000000079E000-memory.dmp
    Filesize

    3.6MB

    Download