8101c08df239083d1bde05b940fcc57ac5680a0da8afc9cb3ca6383a1b004bf6

Analysis

max time kernel
60s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2023, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08460699.exe
Size

205KB
MD5

61967fb112c93db475b6c5f1b6bc0ad7
SHA1

418ccb1812027f53fc9b01631ab3194b386e09a4
SHA256

8101c08df239083d1bde05b940fcc57ac5680a0da8afc9cb3ca6383a1b004bf6
SHA512

9645e4ed37b85a7730c7bae5edfbc8b435f40780f52616558260604899c3a9fd36cc842ab5b24dbc6046ea427a8311343fb507d1cdb2197120483d28ac4609b5
SSDEEP

3072:/EkJY4RpJ2Jj7HbxH3bgcFXi2pqQZuGzdqfQYK:TJPuHJ02TqQAGzb

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	08460699.exe

C:\Users\Admin\AppData\Local\Temp\08460699.exe
"C:\Users\Admin\AppData\Local\Temp\08460699.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:4224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4224-133-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download