ae654731f8e85ec41a77edbfad7ec0064497421803fbc5105ca8a935af57fd6e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

parsec-windows.exe

windows10-2004-x64

8

Sharing

General

Target

parsec-windows.exe
Size

2.7MB
Sample

230401-zqeblsea9x
MD5

b49af1859c41d9178c4af8b330d64741
SHA1

1272d1cd56010a813e05bcb32d8cf824e8a5e725
SHA256

ae654731f8e85ec41a77edbfad7ec0064497421803fbc5105ca8a935af57fd6e
SHA512

238add2b5db89886e31e281fa633ac4657580c853b5f6750a6e6816ffb85551466abbe7589fe60e19c0fe57989258c99a658331a4e039b48a991a5d2f8cc66cc
SSDEEP

49152:MmRtVNwyndBmOrH+e/xsQjhtmZZcoANnuR+pAfkdE2WX8zPmK:3vhQ1st7oMpA92fmK

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

parsec-windows.exe

Resource

win10v2004-20230220-es

bootkit discovery evasion persistence

windows10-2004-x64

34 signatures

1800 seconds

Malware Config

Targets

- Target
  
  parsec-windows.exe
- Size
  
  2.7MB
- MD5
  
  b49af1859c41d9178c4af8b330d64741
- SHA1
  
  1272d1cd56010a813e05bcb32d8cf824e8a5e725
- SHA256
  
  ae654731f8e85ec41a77edbfad7ec0064497421803fbc5105ca8a935af57fd6e
- SHA512
  
  238add2b5db89886e31e281fa633ac4657580c853b5f6750a6e6816ffb85551466abbe7589fe60e19c0fe57989258c99a658331a4e039b48a991a5d2f8cc66cc
- SSDEEP
  
  49152:MmRtVNwyndBmOrH+e/xsQjhtmZZcoANnuR+pAfkdE2WX8zPmK:3vhQ1st7oMpA92fmK
Score

8^/10

bootkit discovery evasion persistence
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy