Analysis
- max time kernel: 140s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 08-06-2023 19:57
Behavioral task: behavioral1
- Sample: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe
- Resource: win10v2004-20230220-en
General
- Target: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe
- Size: 243KB
- MD5: 854cecd4f3324dea518ee74fa925eb07
- SHA1: e83500b71cfe4025c1fd5efa514e164a67c7b0e4
- SHA256: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc
- SHA512: de648171ae9ed415f31fa7649b5683a109cdbb55ab40d82d65e74a082ae841b187d5c9b1a7fc2c5ec996935894be0ca2ac6dfaa10896fb4651859a074381d315
- SSDEEP: 6144:MYtkqBzTvee+QtZEkb/JG3c4LtviDsSpWoq0T:MwvqstZEkTJwp5qDrp3T
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 1 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Processes: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe
  description: File opened (read-only)
  ioc: \??\D:
  process: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe
  description: File opened for modification
  ioc: \??\PHYSICALDRIVE0
  process: 194164c12f6cd818eab5cf42fc90f4306a048983325bf4bf8c6f59d61b99bcdc.exe