bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e

Analysis

max time kernel
96s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 08:42

Target

bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e.exe
Size

2.5MB
MD5

57367e2c180da8b851df2a7625a70afb
SHA1

27643abb3cf3762b4e17d4b46daf088d642170be
SHA256

bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e
SHA512

3f4980a71f49053d00a417e1ae9abfadc5446d9abac3acb181bf32db8f9e02a8a586d0c89784737a7b37567aec12f311995a468aeae35a0ed06e777c91506bd8
SSDEEP

49152:qLpGqJ0bNiPa666666gJDMefrugsVErF44kJ01m2dD:2plJEiy6666662DzsVaW451PD

Score

6^/10

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e.exe

description ioc process

File opened for modification \??\PhysicalDrive0 bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e.exe

C:\Users\Admin\AppData\Local\Temp\bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e.exe
"C:\Users\Admin\AppData\Local\Temp\bbf4fcc27a782003bf77fad5d2f0402d5ba0dca0b1b0683670fe6c538002468e.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:4700

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/4700-133-0x00007FF7C1930000-0x00007FF7C1BC8000-memory.dmp

Filesize
2.6MB

Download
memory/4700-134-0x0000022CAB870000-0x0000022CAB97A000-memory.dmp

Filesize
1.0MB

Download
memory/4700-143-0x00007FF7C1930000-0x00007FF7C1BC8000-memory.dmp

Filesize
2.6MB

Download