Analysis
max time kernel: 3s
max time network: 5s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-03-2023 13:34
Static task: static1

Behavioral task: behavioral1
  Sample: free.exe
  Resource: win7-20230220-en (windows7-x64)
  2 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: free.exe
  Resource: win10v2004-20230220-en (windows10-2004-x64)
  2 signatures, 150 seconds
General
Target: free.exe
Size: 221KB
MD5: a083918dbf9fe0fe4dd0e4aa553d678f
SHA1: 4bf49c54b4d002af3e6d1427a8fe53ba5db7b003
SHA256: aae9a7e95acbbe7ab48ee0d732f2d15866f7794cd7d6415eb68c57124cd40b27
SHA512: 17f2fd252b7227557c23bde35f2709dea27f5552b733459d022db99f340fea3151f715dbff5e456ab4d52489f32c9a7496a7576c6b9a077279ed425fae9c9cf0
SSDEEP: 3072:E+n3c64/ES9IGjwMmJdwt/h4RB8MBvses058T4GoY46ZbXeFLrGC:n3J279IGjwMYdwVKRB8MlfGohXr
Score: 6/10
Malware Config
Signatures

Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: free.exe
  description                  | ioc                 | process
  File opened for modification | \??\PhysicalDrive0  | free.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: free.exe
  description                 | pid  | process
  Token: SeShutdownPrivilege  | 2376 | free.exe