ea5ccfdbf5fdf29f7984afd6e2dd13e8ab5072128dc361c463f7bd8ddc7d77e8

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23-07-2023 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_327badac6039c8exeexe_JC.exe
Size

1.8MB
MD5

327badac6039c8debf1be72dbf78d5b5
SHA1

685e7e3feac0f2f3b0be0bd6c6e9402de5eadebd
SHA256

ea5ccfdbf5fdf29f7984afd6e2dd13e8ab5072128dc361c463f7bd8ddc7d77e8
SHA512

2f704edb4909715ff8a0513fba2243f0a0590c4731d7bbf95560d33016c389c36a4f6119ee1b0cc9fd9a2d0ddea49b16e28214c68dff55b27dd87f2f9f348187
SSDEEP

24576:EBgfFUqV89IQ48LVZyRx5zzbCDOnkkoqbWadw4BagBzX+lGB3kOOeSWosqj2fY72:E3Tnkow+lnOOexaXV8

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3012-60-0x0000000010000000-0x000000001000B000-memory.dmp	upx
behavioral1/memory/3012-62-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

NA_NA_327badac6039c8exeexe_JC.exe

description ioc process

File opened for modification \??\PhysicalDrive0 NA_NA_327badac6039c8exeexe_JC.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	NA_NA_327badac6039c8exeexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NA_NA_327badac6039c8exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_327badac6039c8exeexe_JC.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-54-0x0000000001F00000-0x0000000002028000-memory.dmp

Filesize
1.2MB

Download
memory/3012-57-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3012-60-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/3012-61-0x0000000001F00000-0x0000000002028000-memory.dmp

Filesize
1.2MB

Download
memory/3012-62-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download