Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2023 07:51

General

  • Target

    2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe

  • Size

    261KB

  • MD5

    bb5242106d9da0b15a90c48f987c5ec7

  • SHA1

    811fc8b49d83cc079063b26e21aaf72a5dd6f41c

  • SHA256

    2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3

  • SHA512

    025f89a9d345033e737f7163bb4a326d53cd06647bdb859acd19c53a6672178f43094b01a91e3dcf82b0be15583eb7128ba335eb5f70d21dd4ec215f54f83582

  • SSDEEP

    3072:UO2ii3xO1Mcl0U0fOJ5rS0t5F/pstBaDqwONnct437Bl3N2UUjZl8:U5GNShfktRt5F/p/uwONct43j92UUl

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
    "C:\Users\Admin\AppData\Local\Temp\2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:2036

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Replay Monitor

Loading Replay Monitor...

Downloads