Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2023, 20:08

General

  • Target

    b4533d48dedbb8bd30a79e21b4bea37222d704c3468bbd3e1b0ff513bca0a5f5.exe

  • Size

    5.9MB

  • MD5

    e5777dd1c12775eedbbc413ae70414ac

  • SHA1

    69e5a7cfabde4dad6b0d8cc0654e644de8657645

  • SHA256

    b4533d48dedbb8bd30a79e21b4bea37222d704c3468bbd3e1b0ff513bca0a5f5

  • SHA512

    126a80709e8c043b08909a7fc56fac80d8c4b37dd18f253594361dcc88d1f24c8ff531114dca45144fec53fe24a2f20c536c58f631e612baeb872e5db088fd75

  • SSDEEP

    98304:CF3wCi9lXaYrya6XEqDUIhZUAkY8ZEhQNovhKexz6cvP2WjQWH0FBZbOEuK6KC3S:CvZfjUI8Povh7660FzKEKQ2ScNPglvOs

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Program crash 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4533d48dedbb8bd30a79e21b4bea37222d704c3468bbd3e1b0ff513bca0a5f5.exe
    "C:\Users\Admin\AppData\Local\Temp\b4533d48dedbb8bd30a79e21b4bea37222d704c3468bbd3e1b0ff513bca0a5f5.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\feizashan.exe
      C:\Users\Admin\AppData\Local\Temp\feizashan.exe
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetWindowsHookEx
      PID:584
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 1216
      2⤵
      • Program crash
      PID:1532

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\feizashan.exe

          Filesize

          5.9MB

          MD5

          e5777dd1c12775eedbbc413ae70414ac

          SHA1

          69e5a7cfabde4dad6b0d8cc0654e644de8657645

          SHA256

          b4533d48dedbb8bd30a79e21b4bea37222d704c3468bbd3e1b0ff513bca0a5f5

          SHA512

          126a80709e8c043b08909a7fc56fac80d8c4b37dd18f253594361dcc88d1f24c8ff531114dca45144fec53fe24a2f20c536c58f631e612baeb872e5db088fd75

        • C:\Users\Admin\AppData\Local\Temp\na.edb

          Filesize

          912B

          MD5

          5d3a45abfd1a5aabf031f37b97ecd347

          SHA1

          53bbb0c89ceae3feeed74d2da54e28848710b7d3

          SHA256

          26bf2b503ac921b85a10bcfe669a1d9f1dd5ab4769e695d567db204d3ea19c0d

          SHA512

          2b7c65578b2ba7bd74062a5563872e578adbd978bd42773198b49471d067070e6d19339028a5163403819d0924d2c9e72f85028f82626d75ab90f50426cb0d4b

        • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

          Filesize

          122B

          MD5

          89563a6f6d0b666313b8a8d62c9d03eb

          SHA1

          abd494408843560ad50756d2fb07f1b03943a1b1

          SHA256

          48bfbc817c1379ab208ebf18a3287c398ee53d908ef0a4b68cd01c377fb0e325

          SHA512

          1310180f853245b37cde5e8f8229b06e56a99ed2de747fa2109561671d09bf01d1c820e72bc8c7aa03ed21af1d924efb487e2dc5ef464489dc48bf9a270ded43

        • \Users\Admin\AppData\Local\Temp\feizashan.exe

          Filesize

          5.9MB

          MD5

          e5777dd1c12775eedbbc413ae70414ac

          SHA1

          69e5a7cfabde4dad6b0d8cc0654e644de8657645

          SHA256

          b4533d48dedbb8bd30a79e21b4bea37222d704c3468bbd3e1b0ff513bca0a5f5

          SHA512

          126a80709e8c043b08909a7fc56fac80d8c4b37dd18f253594361dcc88d1f24c8ff531114dca45144fec53fe24a2f20c536c58f631e612baeb872e5db088fd75
