a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa

Analysis

max time kernel
29s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe
Size

4.1MB
MD5

431898fc759567adcec70f869d138b1f
SHA1

e83641da7ceb94e963cacd329762958d3480b949
SHA256

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa
SHA512

09120d3079bfaad0dcb902872068916c3c202f541eab9c506e2df7b3ce58b5a59e868e9ec995560a25246a8e3d0154a58be5cd317af13eede4124a9020ba07f1
SSDEEP

98304:8wr/2SwTGO2/ixrmfSFUXZFsMTbTwha7G4/pGH:DiSwaixrqSuXIMT/4j4RGH

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 4 IoCs

Processes:

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

pid	process
2040	a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe
2040	a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe
2040	a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe
2040	a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

description ioc process

File opened for modification \??\PhysicalDrive0 a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe

C:\Users\Admin\AppData\Local\Temp\a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe
"C:\Users\Admin\AppData\Local\Temp\a3455cf8e2ce4c933567360b795ea137a1d83f7c63568ecfb0f2ec440f96ffaa.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:2040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\wan[2].txt
Filesize
2B

MD5
444bcb3a3fcf8389296c49467f27e1d6

SHA1
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

SHA256
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

SHA512
9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570

Download Submit
C:\Users\Admin\AppData\Roaming\LittleGame\Uninst.exe
Filesize
489KB

MD5
462b860d5b377d3a8a75580de176809e

SHA1
ab69be0a7714f5297e1da6910100d8db3c82cd6b

SHA256
c3daed387f736d2283e7ca5034a8aa69936247c8a54bb12e8e09cb585eb376a4

SHA512
11fad932931cf874b885406f0c505703e8a2270c9198c616935ee4567dae61e2cf96d8ed1b2b715ef00edad113bf69c612be8d0aa483b64a366757e4e9bc6581

Download Submit
\Users\Admin\AppData\Roaming\LittleGame\NetBridge.dll
Filesize
231KB

MD5
2d74e1f7a2f1b6273a81a8dc8387f691

SHA1
7ac6bc7ec3b9591ccdb029c1d5a8d0ff394e3495

SHA256
afb14730e5dbfdf23d5fab15eb82a251c021b4d721b114c70eae1641f4bd28df

SHA512
c48921684a881922c5ccf561004dcbf195e6a44fb10d1d0d0d6cafe7d58f960485cd3a45de888a58d125918c9d7369158dd3e538b603ab8d575c5e6619d4643c

Download Submit
\Users\Admin\AppData\Roaming\LittleGame\Uninst.exe
Filesize
489KB

MD5
462b860d5b377d3a8a75580de176809e

SHA1
ab69be0a7714f5297e1da6910100d8db3c82cd6b

SHA256
c3daed387f736d2283e7ca5034a8aa69936247c8a54bb12e8e09cb585eb376a4

SHA512
11fad932931cf874b885406f0c505703e8a2270c9198c616935ee4567dae61e2cf96d8ed1b2b715ef00edad113bf69c612be8d0aa483b64a366757e4e9bc6581

Download Submit
\Users\Admin\AppData\Roaming\LittleGame\Uninst.exe
Filesize
489KB

MD5
462b860d5b377d3a8a75580de176809e

SHA1
ab69be0a7714f5297e1da6910100d8db3c82cd6b

SHA256
c3daed387f736d2283e7ca5034a8aa69936247c8a54bb12e8e09cb585eb376a4

SHA512
11fad932931cf874b885406f0c505703e8a2270c9198c616935ee4567dae61e2cf96d8ed1b2b715ef00edad113bf69c612be8d0aa483b64a366757e4e9bc6581

Download Submit
\Users\Admin\AppData\Roaming\LittleGame\Utils\7z.dll
Filesize
1.1MB

MD5
c4aa6d9e72a1721b3f65646e04e702cf

SHA1
6a41028ab246ce033e19da5c54e066e0752cb616

SHA256
d4298c89fc52459842e7658ebf3aa34a9f6e061a97b8984790239609b492f696

SHA512
d2de0b47ec3a5564592797468f02944fe911c66034c08fbeb5ef4592b1cce7561e6ed36e4433d6520f2927b66dbdbe68424939cac286b325eb7e83f09ab65843

Download Submit