Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
28-03-2023 07:51
Static task
static1
Behavioral task
behavioral1
Sample
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
Resource
win10v2004-20230220-en
General
-
Target
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
-
Size
261KB
-
MD5
bb5242106d9da0b15a90c48f987c5ec7
-
SHA1
811fc8b49d83cc079063b26e21aaf72a5dd6f41c
-
SHA256
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3
-
SHA512
025f89a9d345033e737f7163bb4a326d53cd06647bdb859acd19c53a6672178f43094b01a91e3dcf82b0be15583eb7128ba335eb5f70d21dd4ec215f54f83582
-
SSDEEP
3072:UO2ii3xO1Mcl0U0fOJ5rS0t5F/pstBaDqwONnct437Bl3N2UUjZl8:U5GNShfktRt5F/p/uwONct43j92UUl
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | 2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
pid | process
2036 | 2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe "C:\Users\Admin\AppData\Local\Temp\2c6c38afae06882cf59c1214e6ef3bd1ea3e91358069dc9467ae8a0377ff8fa3.exe" 1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx