c3f2d5937e10ca109e108de7f108caf76a367ddb432dbabb6e24861c5dc318cb

Analysis

max time kernel
140s
max time network
144s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30/06/2023, 12:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VLTKBacdau.exe
Size

1.6MB
MD5

03e8111dd82352ceab22be5f11a722fc
SHA1

1ec0b8d8939090c2ffdd5f263acb47bcc0249ad2
SHA256

c3f2d5937e10ca109e108de7f108caf76a367ddb432dbabb6e24861c5dc318cb
SHA512

d4e9de344722c8d64931a44c69d2fe561b9d36d0ccf33ac89ecfe371d3c7a4c805b051b6f8fc3816580862ba252eef3ada472bf96dd047e5bfc9a4b96d192728
SSDEEP

24576:Z4ZpzhQCVzj5vV+ujDkqipWpLMh2FW2Q0a9t/z6eYUWwXDDzdBE0BJsV8s1rAOtH:Z4ZppemiYMh2F+BWwXDvWB

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	VLTKBacdau.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1196	VLTKBacdau.exe

C:\Users\Admin\AppData\Local\Temp\VLTKBacdau.exe
"C:\Users\Admin\AppData\Local\Temp\VLTKBacdau.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:1196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-54-0x00000000013D0000-0x0000000001572000-memory.dmp

Filesize
1.6MB

Download
memory/1196-55-0x00000000003D0000-0x00000000003E0000-memory.dmp

Filesize
64KB

Download
memory/1196-56-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/1196-57-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/1196-58-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-59-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-60-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-61-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-62-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-63-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-64-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-65-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-66-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-67-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-68-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-69-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-73-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-72-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-71-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-70-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-74-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/1196-76-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-77-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-78-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-79-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-80-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-81-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-82-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-83-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-84-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-85-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-86-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/1196-87-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/1196-88-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download