Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
22/03/2023, 21:44
General
-
Target
b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe
-
Size
1.7MB
-
MD5
36d7b01417ad4b875540ce25e299bbc5
-
SHA1
065065d6de36bb46d41c53dcc7c20df92a39172f
-
SHA256
b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230
-
SHA512
7355cdbe93693561f82148e2aecfae2fa2fa3fcd17c4ce1937f623e1b2d67a5d71f2bdacd20aebc1506723358919e19d076c33eaf3c3b094677a805a45a79a8a
-
SSDEEP
49152:zenXYUvoBk3PgfuNJc3GAd9H6nZzF0JdOIs/3Bcjc:CnXlo27AdVQ0OIsf24
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe"C:\Users\Admin\AppData\Local\Temp\b627fbdf2bd7432d05b174aa755cdc7adf26f554eb80325d7b413805e8f72230.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5980a840ae6e771f382fd187004323e83
SHA136b388e19905016509c71f7530be0beda57974b4
SHA256649d58ad8e0c9025ea95c4bb40e119794c81136a7185d03408f85c9490526d16
SHA512188a6e4f37fc3c57e2e0bf4cf1f356782a290f159c1cccfa0a233bd74d4f915955f6261f6fedb22a0f3aeee13be1d62b477bafbce36657bf25f2569814b60c9b
-
Filesize
427KB
MD568a34245c650829c613e9068bdc6f79d
SHA1f877ad637c2097915ba894fdccb1a596a52a726e
SHA256c72cc19b9ee4546378d22483d5cbe612805be585658df9d28677174b19c2b3bf
SHA5121c9181c1693f3fb4c3044f57f9113f1858cb709c56ea7beec1d41026c4a64070e221dcb61669fbdab63fc0669df24f4a126ea517a157a738b9a35d784cef9afe
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB