Analysis
max time kernel: 29s
max time network: 32s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 01-04-2023 13:28
Static task: static1
Behavioral task: behavioral1
Sample: krnl_bootstrapper.exe
Resource: win7-20230220-en (windows7-x64)
2 signatures
150 seconds
General
Target: krnl_bootstrapper.exe
Size: 1.2MB
MD5: f14153bbd95fc26d9ccea77c49cf09b9
SHA1: cb59f900711ea751c4322b4dab50fa2c0ee70b33
SHA256: 27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
SHA512: 7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
SSDEEP: 12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: krnl_bootstrapper.exe
  pid   process
  1584  krnl_bootstrapper.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: krnl_bootstrapper.exe
  description              pid   process
  Token: SeDebugPrivilege  1584  krnl_bootstrapper.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1584-54-0x0000000000070000-0x000000000019A000-memory.dmp (Filesize: 1.2MB)
memory/1584-55-0x0000000001FA0000-0x0000000001FE0000-memory.dmp (Filesize: 256KB)
memory/1584-56-0x0000000000500000-0x000000000050A000-memory.dmp (Filesize: 40KB)
memory/1584-57-0x0000000001FA0000-0x0000000001FE0000-memory.dmp (Filesize: 256KB)
memory/1584-58-0x0000000001FA0000-0x0000000001FE0000-memory.dmp (Filesize: 256KB)