Analysis
-
max time kernel
141s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
27-03-2023 03:11
General
-
Target
97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356.exe
-
Size
860KB
-
MD5
a82035d58cf5de9a1d7177ebbacbc66f
-
SHA1
b40ffc1f18aefbc5a91a05d71498091c399b4b2f
-
SHA256
97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356
-
SHA512
2644c7cb42b7dba05d8059f10301d4e83477e128cf011122675959259d2f52c8af98a10c181e69b34fedffc75031bd43efa4b473c32c5caa7f9d2354148b546c
-
SSDEEP
24576:sEhBGLgmagzIXdVZ3fD/X/9KRHOQUiQUmCBRVt:sURljN3D/Y0QUiQUtBR3
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356.exe"C:\Users\Admin\AppData\Local\Temp\97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\~RomDmp1RomDump.com > C:\Users\Admin\AppData\Local\Temp\~RomDmp1Rom.dmp2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1388-57-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1388-58-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB