Overview

overview

6

Static

static

1

5c2b41621f...ad.exe

windows7-x64

6

5c2b41621f...ad.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    74s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2023 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c2b41621fb9e7bc1bbfe8b0b8a49794d8a0f15b6fd8bed67a8497bf2eb47ead.exe

  • Size

    16.8MB

  • MD5

    9563188dded3de6264fceb4d210116c8

  • SHA1

    6b83993de84b3afe789c4b9ba31fd84d4dbae956

  • SHA256

    5c2b41621fb9e7bc1bbfe8b0b8a49794d8a0f15b6fd8bed67a8497bf2eb47ead

  • SHA512

    f557bafc0f0fa2d23509d00a7e76d44c07ec66a6e2a63bccfaf8d6e71c7a4bfaaa42f1cc27858fe499fd740314efdd79eed0642a932e30ef36c33efe233cc8fa

  • SSDEEP

    393216:/5PFiP0FQRjLlpeF+JF4MR7J4QhLSqP0n:RIdlpe0jJbSqPU

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c2b41621fb9e7bc1bbfe8b0b8a49794d8a0f15b6fd8bed67a8497bf2eb47ead.exe
    "C:\Users\Admin\AppData\Local\Temp\5c2b41621fb9e7bc1bbfe8b0b8a49794d8a0f15b6fd8bed67a8497bf2eb47ead.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:1528

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1528-133-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-134-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-135-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-136-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-137-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-138-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-139-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-141-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-140-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-143-0x0000000002DE0000-0x0000000002F20000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1528-144-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-145-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-146-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-148-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-147-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-150-0x0000000002C90000-0x0000000002C91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1528-149-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-151-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-153-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-152-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-154-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-156-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-155-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-157-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-158-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-159-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-160-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-161-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-162-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-163-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-164-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-165-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-166-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-167-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-168-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-169-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-170-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-171-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-172-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-173-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-174-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-175-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-176-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-177-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-178-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-179-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-180-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-181-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-182-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-184-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-183-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-185-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-186-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-187-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-188-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-190-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-191-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-189-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-192-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-193-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-194-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-195-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-196-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-197-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-575-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1528-576-0x0000000002FE0000-0x0000000002FE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1528-580-0x0000000006040000-0x00000000061CF000-memory.dmp
    Filesize

    1.6MB

    Download