Overview

overview

6

Static

static

1

97b2ba1c6b...56.exe

windows7-x64

6

97b2ba1c6b...56.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2023 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356.exe

  • Size

    860KB

  • MD5

    a82035d58cf5de9a1d7177ebbacbc66f

  • SHA1

    b40ffc1f18aefbc5a91a05d71498091c399b4b2f

  • SHA256

    97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356

  • SHA512

    2644c7cb42b7dba05d8059f10301d4e83477e128cf011122675959259d2f52c8af98a10c181e69b34fedffc75031bd43efa4b473c32c5caa7f9d2354148b546c

  • SSDEEP

    24576:sEhBGLgmagzIXdVZ3fD/X/9KRHOQUiQUmCBRVt:sURljN3D/Y0QUiQUtBR3

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356.exe
    "C:\Users\Admin\AppData\Local\Temp\97b2ba1c6b87912a0216f180f6549de500e221e519d6630ddfdb31aba6fd2356.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\~RomDmp1RomDump.com > C:\Users\Admin\AppData\Local\Temp\~RomDmp1Rom.dmp
        PID:1928

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Bootkit

    1
    T1067

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    00:00 00:00

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\~RomDmp1RomDump.com
      Filesize

      46B

      MD5

      74ea83a987cf7e29fe79b16b15b4bbed

      SHA1

      452a79ee1211fad2efdfaf203e4b092f937208fc

      SHA256

      9b327617c8c6fc6c70b7ada3ea40edcb143f0925d0c33fbb8a0a366020deed9d

      SHA512

      35334ba33584b60b2774a4404706d88382b4ab647a3e9afe231e7910246c6fb851a2ae860652771fe2809e40abdc922d75f08616b8dc1ea16e2eefa572000355

      Download Submit
    • memory/2108-133-0x0000000002100000-0x0000000002101000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2108-136-0x0000000000400000-0x00000000004CF000-memory.dmp
      Filesize

      828KB

      Download
    • memory/2108-137-0x0000000002100000-0x0000000002101000-memory.dmp
      Filesize

      4KB

      Download