eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

max time kernel
144s
max time network
36s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-05-2023 19:10

Sharing

Target

trojan-leaks-main/Mythlas.exe
Size

125KB
MD5

1bccdb1cbbdb299f4053dbab4236dadc
SHA1

baf7c15c30c705fe99c4b5cbada6a46cd92cec22
SHA256

e65c793a31137ae75a6f30ae2933bd7cae74fcd4330b6c8770c14466bc3a878f
SHA512

c32b746081cf17dd1e29bf132350f753cd10636d37caddd3d3b8714675710c67420d08ff27e3d0f7aa71f0977316f62261cc5ca40badbb5d2bf76ee3972bcc3f
SSDEEP

3072:b8b9IcgZfL0eMOIWBL5NVBFyQwaBXrn2wsxTOr2UlvjqZGx/1KFXd:gWtBPVBxwaBb2+x1oXd

Score

6^/10

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

Mythlas.exe

description ioc process

File opened for modification \??\PhysicalDrive0 Mythlas.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Mythlas.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1744	AUDIODG.EXE
Token: 33	1744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1744	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Mythlas.exe
"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Mythlas.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1b0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1744

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact