Overview

overview

6

Static

static

1

2df6d622ef...f3.exe

windows7-x64

6

2df6d622ef...f3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    62s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-04-2023 04:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2df6d622ef0513a2b78fe8ce46a77bdd43a92da92107a41b0e064661373ab5f3.exe

  • Size

    2.8MB

  • MD5

    b08d1f3dbf6e9b088736e5f7bfed3069

  • SHA1

    8df9e15e40a126f2a0608a7d1563a79a58041d38

  • SHA256

    2df6d622ef0513a2b78fe8ce46a77bdd43a92da92107a41b0e064661373ab5f3

  • SHA512

    968919807fe8458df8c276ec8fc2ff1c45d349c5072508ac4445576401fc8d58a5d18f2d4c8a2de441f21481a58786a9843bb68cf84c11425d11890fd85434f2

  • SSDEEP

    49152:RYBnAN5yO92/RPW0zYsZ/sI3u4b2aPDbNTvcx0d7t74:RYBnANUlW0zYYP3BqKV

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2df6d622ef0513a2b78fe8ce46a77bdd43a92da92107a41b0e064661373ab5f3.exe
    "C:\Users\Admin\AppData\Local\Temp\2df6d622ef0513a2b78fe8ce46a77bdd43a92da92107a41b0e064661373ab5f3.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    PID:4436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads