Overview

overview

7

Static

static

1

[email protected]

windows7-x64

6

[email protected]

windows10-2004-x64

7

Resubmissions

03-05-2024 16:05

240503-tjpk4sag2z 7

27-02-2024 15:27

240227-sv1l3scg8t 6

27-02-2024 15:27

240227-svqrwacd96 3

27-02-2024 15:26

240227-svcv1scg6y 3

15-12-2023 14:57

231215-sb4jmaeha4 7

15-12-2023 14:56

231215-sbf4bsddbl 7

15-12-2023 14:54

231215-r911qadchm 7

28-11-2023 15:45

231128-s7e6xabc2x 10

28-11-2023 15:39

231128-s3ygpabb38 8

Analysis

  • max time kernel
    628s
  • max time network
    420s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-04-2023 04:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    14KB

  • MD5

    19dbec50735b5f2a72d4199c4e184960

  • SHA1

    6fed7732f7cb6f59743795b2ab154a3676f4c822

  • SHA256

    a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

  • SHA512

    aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

  • SSDEEP

    192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score
6/10
bootkitpersistence

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:368
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:1176
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1724
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2024
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x1b0
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:560

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Bootkit

    1
    T1067

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      11539651e1f9fe15ad89e3569c2f7770

      SHA1

      0409240fd5ea35321f1397a322beaa452558db4d

      SHA256

      dca700f7134aa1833ca315da08c50a03876fdeb732d557ca46c64e4c4f11cb90

      SHA512

      af78b1d09418f80be8da31b23ff6fd2503cda77b9413fb772e9c5805388bf2317625785d08fc6e919afc4a4a8c03fdc4bf046edb8d07b08089bac6c699b861fe

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e07133215dd2d4e6967a63e4b0292b99

      SHA1

      355e9ec280d53c625039812cabf8e62622fecb02

      SHA256

      5e103a610e9b6a002d9ac892447be9d12cc057b052790af0751db917241e47c7

      SHA512

      5a90e3a4ba9d651c3b3f8792c00e5c8db49a54757e224321b754d40586c88ff76636517419338f73faa98000c3fb1032e254de7c03961c28eb35ace1cb0e2654

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d0a61e63095944112e72ae46a33addc

      SHA1

      de13745aa70eea782a60614134625fdfd21c8425

      SHA256

      f7ac671511463f7e5e612d76728fae27356ca1a909f9922050b398aa0122ae2e

      SHA512

      bdd4813e0bb8e7b96baec554459c39dfbd6c28f0fc88c24ca834da4233fef746a0fa6e2f815a15d02413f83375e921eeb89351a205a370d0f9b5a12e8b35c8f3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b8f352209ffb6e4191b55fa36c7fbcbf

      SHA1

      0bd23ecfb59271b3e669fd6ece638b4333049eba

      SHA256

      da80e05fbaad93544414aaf343e11d2aea1e01278267afc0b3a10e3c5c280337

      SHA512

      960c45904c668a6207c80a32188b03b4726167464720c3045f45a3f0eb4a796f75fb5ce9ce1021e7315fd765a3b9c3cd1e417efefc1a3b629b8c53a88389da93

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e3d7bf3388f5d58547f6bcbd1e36554b

      SHA1

      9ec1e270adc2a56a0384cf3530763dc274bdecb7

      SHA256

      79c8463afabfdee208d8c5b77d5d5b3ee0416417893cb3b562a7f639d4b329f1

      SHA512

      ce7d8eed85c7a52aa0015220016d3e60d32d3ab9e37625ee610dffcb48629819952a5b5382e786fd1713a90fbbb056f8e5b36f50e0f6201537682e3c390ab57c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6620a47493c7722c0b7ed84c7dc3d502

      SHA1

      17b39217d60195cbb439ffe5648082d5592dbcff

      SHA256

      9479cccdcada8e413d6ce371229699cbf262ed33b6b0d13da7c4b6f435da8832

      SHA512

      3a5eb3dc1edcf4a9759cebae998253e9bc67b1cd83f1b38418b6ef960736ea9cef47df4e8e84a375228ca20f00aa48b004f04e19eb00cee7ac53c44fabd6ddea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e9b7b4ea938fb70989b73c19e8bd38ba

      SHA1

      bf59a2a2e71e827ba460e4ab36e779a0b7e4cc9e

      SHA256

      427935b9f309da50516903b15c3255fa2734c3a02ae814f9ff88759b6656e477

      SHA512

      debd2fdd2e7ff270da05240700d4a292d4658d1a3d04241f2ef2ab7fdb27b48c12f94acc8ac66d93e2ec5317cee0e4d336c0bbe700cab464747067c85ebba977

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6519589d612aaa42db41d789a8d15aac

      SHA1

      a5402c7184589949cba9697ce4a7800cd3413c62

      SHA256

      2fa8f053c9d6b5277c07827c8a70601898414069e50aea0ada7d80e582f2e158

      SHA512

      9abcf17aed59e82cfc05f899043234c64de04f5a7e9717067fafb5353d61b267d03912e5a70d07cf2eac4be3587da67efc94eb8cf771dd34e044b8dc78cc90c7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5c8bb4f9b331b684e3b74c03cbe8e4cf

      SHA1

      753385e80ec21ad081d389c567233ee674824113

      SHA256

      06c19b6ab8cf5009e840d007e9a72dd708358b156d7e617121424b3cf672817f

      SHA512

      908c997ef1d3080b3acde644420ff5ae376a136ecd21721cef0f209848bdd619ee96f792bc357411bec786180ea35c8038a59e48419364dac81e54a99717d9b2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b28f385669958e540b744b2adfe8b26a

      SHA1

      b00818511a67d37a022cddf6a850949a86bfed64

      SHA256

      bc12d102582af33eeee47a97c8b08a278a4fe9f4c53e1f61360f50fb1d7f4fbf

      SHA512

      ffaa675338ff8abd845e85924c2e94d1c1562c235a8db109b52f73b8cf885e4af681f186c39dcfb9fb492b70ec04e5b635d1a70f019f51c89bc8aab25ab3f3d2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df4a654d39aaa02a28968141d6409bbf

      SHA1

      f50d33a1ed44ef2f3652528c7e31bc37897b9b0b

      SHA256

      6fe1aacaf500b9bbb1d8bff0ca440823e1f53049e80dd329289c5787c89ba128

      SHA512

      c85f42f48fb2d383b527e61059711052a659c0f058ec7c8cc3ae3a107d2d5cb6beed70fb56a1dc7a83be1ba456808d46a851b46f3847497ed22a3b084dec3f81

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat
      Filesize

      9KB

      MD5

      3f976f0ebab2d1d90848cd744c2c9986

      SHA1

      80f1b5133cf6e37ada0b0a7d97c35f1a8388eae9

      SHA256

      48a6a9af5a0e94c7c6dc60b5ed7190d0fef68eda5151baaebca37c3e2ff3b475

      SHA512

      3b3645bdc6882d37cb2da97d7599f26014556ee5dbfe8ab94fea221160c433b4db85fa38ec0f01523a405962a070bc1ad00e40d3869defb1791208179c4dc445

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\favicon[2].ico
      Filesize

      5KB

      MD5

      f3418a443e7d841097c714d69ec4bcb8

      SHA1

      49263695f6b0cdd72f45cf1b775e660fdc36c606

      SHA256

      6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

      SHA512

      82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab68A.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar679.tmp
      Filesize

      161KB

      MD5

      73b4b714b42fc9a6aaefd0ae59adb009

      SHA1

      efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

      SHA256

      c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

      SHA512

      73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar884.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFDE02BDBD4ADC0FA3.TMP
      Filesize

      16KB

      MD5

      40e44eb1e6f9e116e572fae3e040115c

      SHA1

      bcfe68e7802e9eb85a68cc1d97695e68cd7ec98f

      SHA256

      23adfc5fbc087860bcc557cc38af3c6964ee45f2b0d6faf3f03cc68f801158b3

      SHA512

      33f158e499c9bd97b8fed22d957f28e925f8f1b43f9410dab0ec80eec869e43e3979c86c28747156d49f48514d3e8365bd049047819790f48184505afb1ed106

      Download Submit
    • C:\note.txt
      Filesize

      218B

      MD5

      afa6955439b8d516721231029fb9ca1b

      SHA1

      087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

      SHA256

      8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

      SHA512

      5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

      Download Submit