Overview

overview

6

Static

static

1

PDFpower (3).exe

windows10-1703-x64

6

Resubmissions

03-04-2023 17:17

230403-vtpvasga85 6

03-04-2023 17:14

230403-vr9fxshg7z 6

Analysis

  • max time kernel
    387s
  • max time network
    444s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-04-2023 17:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PDFpower (3).exe

  • Size

    1.0MB

  • MD5

    1e2a99ae43d6365148d412b5dfee0e1c

  • SHA1

    33c02d70abb2f1f12a79cfd780d875a94e7fe877

  • SHA256

    e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

  • SHA512

    d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c

  • SSDEEP

    24576:sWjYtbXSRxqO8m657w6ZBLmkitKqBCjC0PDgM5A6:sW8tbiJVV1BCjB

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PDFpower (3).exe
    "C:\Users\Admin\AppData\Local\Temp\PDFpower (3).exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:4296

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4296-116-0x0000000000EA0000-0x0000000000FAC000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4296-117-0x00000000057F0000-0x0000000005800000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4296-118-0x0000000005B80000-0x0000000005C30000-memory.dmp
    Filesize

    704KB

    Download
  • memory/4296-119-0x00000000032D0000-0x00000000032DA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4296-120-0x00000000063E0000-0x000000000690C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/4296-122-0x000000000AAC0000-0x000000000AB26000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4296-123-0x000000000ABA0000-0x000000000ABD8000-memory.dmp
    Filesize

    224KB

    Download
  • memory/4296-126-0x00000000057F0000-0x0000000005800000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4296-127-0x00000000057F0000-0x0000000005800000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4296-128-0x0000000005C80000-0x0000000005CA2000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4296-129-0x000000000BF20000-0x000000000C270000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/4296-130-0x00000000057F0000-0x0000000005800000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4296-131-0x00000000057F0000-0x0000000005800000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4296-132-0x00000000057F0000-0x0000000005800000-memory.dmp
    Filesize

    64KB

    Download