Analysis
-
max time kernel
149s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
14-06-2023 18:03
General
-
Target
Qemu启动测试器.exe
-
Size
3.0MB
-
MD5
017e84bf04407f1282cdd3e472f0e69c
-
SHA1
208e776f2138c2f29394916bf8cc091745dfbccd
-
SHA256
bd231c53660f048d52e57262995e2df144262050a7f0d250b0e15ed192a75691
-
SHA512
c002ecb88992cf8e3246d1fe229cd8381f9e1aef22e6090c1fae5f5aaef778afed0c858115aaf671459b23a5eacbd7223064bf33af105e4ac67a6a16979ca7f4
-
SSDEEP
49152:b8ep2+XDhj2hKdu1SRuX6VFm7N++3HqXz2gTf1iwyJPw5j32Zw59k:bJ2+Xd6ME625yD8xBC3249k
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Qemu启动测试器.exe"C:\Users\Admin\AppData\Local\Temp\Qemu启动测试器.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1720-54-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-55-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-56-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-90-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-89-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-91-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-93-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-95-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-98-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-97-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-96-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-94-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-92-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-99-0x00000000001C0000-0x00000000001D0000-memory.dmpFilesize
64KB
-
memory/1720-100-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-101-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-102-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-103-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-104-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-105-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-106-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-107-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-108-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-109-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-110-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-111-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-112-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-113-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB
-
memory/1720-114-0x0000000000400000-0x0000000000768000-memory.dmpFilesize
3.4MB