eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Analysis

max time kernel
117s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 19:16

Target

trojan-leaks-main/Glodrix.exe
Size

416KB
MD5

766e0dceb95f26a79300e786669fd4c3
SHA1

56bd2f5f37d012059e44185a4405332891b8efb6
SHA256

a2d0fcecb809ae416d8d532f7eb58505977aeb00c66f0d51b70025946bc599b3
SHA512

9cc4ab1466de58815ea48350f5e31135d9acfce87ba58863eb5632b6b56b5b512cae5b9a512b0400f45e982ad711a3c637bd79a3fe721df9ab0e659b8dd2a204
SSDEEP

6144:23nEFPjLXbeQHD0wyqwYxKk+CKEEwL1fFx++/BsPZ:EnEFPjLtHvyqwYg3Tsj6

Score

6^/10

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

Glodrix.exe

description ioc process

File opened for modification \??\PhysicalDrive0 Glodrix.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

AUDIODG.EXEGlodrix.exe

description pid process

Token: 33 324 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 324 AUDIODG.EXE
Token: SeShutdownPrivilege 3040 Glodrix.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Glodrix.exe

description	pid	process
Token: 33	324	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	324	AUDIODG.EXE
Token: SeShutdownPrivilege	3040	Glodrix.exe

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:324

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact