Analysis

  • Max time kernel: 142s
  • Max time network: 157s
  • Platform: windows10-2004_x64
  • Resource: win10v2004-20230703-en
  • Resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • Submitted: 19/08/2023, 19:45 UTC

General

  • Target: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
  • Size: 3.6MB
  • MD5: 16282dffe7f28f76ed47d39651a4aca6
  • SHA1: 3e48a5235b4f15b16af477192417a01d66e073c9
  • SHA256: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd
  • SHA512: 639b5b2bed68740f87e4fc53d02e500ade378ab6659b662c4fcea7486da2fd4452e05c1128a3220551e9d39aba85f0e6c52ef007555a6811e5a99b1c2e5fe6e3
  • SSDEEP: 49152:608OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRZnm7LBC:608vdsGaQNgS1C6eTnuFzqTV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates connected drives (3 TTPs, 1 IoC)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe (PID 3780)
    Command line: "C:\Users\Admin\AppData\Local\Temp\eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe"
    • Loads dropped DLL
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses

Network

  • DNS: 158.240.127.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 158.240.127.40.in-addr.arpa IN PTR
    Response: (none)
  • DNS: oth.eve.mdt.qq.com
    Process: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
    Remote address: 8.8.8.8:53
    Request: oth.eve.mdt.qq.com IN A
    Response:
      oth.eve.mdt.qq.com IN CNAME ins-5776sx9h.ias.tencent-cloud.net
      ins-5776sx9h.ias.tencent-cloud.net IN A 101.33.47.206
      ins-5776sx9h.ias.tencent-cloud.net IN A 101.33.47.68
  • DNS: master.etl.desktop.qq.com
    Process: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
    Remote address: 8.8.8.8:53
    Request: master.etl.desktop.qq.com IN A
    Response:
      master.etl.desktop.qq.com IN CNAME masterconn11.qq.com
      masterconn11.qq.com IN A 157.255.4.39
  • DNS: 206.47.33.101.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 206.47.33.101.in-addr.arpa IN PTR
    Response: (none)
  • DNS: 39.4.255.157.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 39.4.255.157.in-addr.arpa IN PTR
    Response: (none)
  • DNS: 17.160.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 17.160.190.20.in-addr.arpa IN PTR
    Response: (none)
  • DNS: 59.128.231.4.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 59.128.231.4.in-addr.arpa IN PTR
    Response: (none)
  • DNS: 59.128.231.4.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 59.128.231.4.in-addr.arpa IN PTR
  • DNS: 157.123.68.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 157.123.68.40.in-addr.arpa IN PTR
    Response: (none)
  • DNS: 206.23.85.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 206.23.85.13.in-addr.arpa IN PTR
    Response: (none)
  • DNS: 225.162.46.104.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 225.162.46.104.in-addr.arpa IN PTR
    Response: (none)
Connections (column order, as read from the report's table layout: remote address, domain, protocol, process, bytes sent, bytes received, packets sent, packets received)

  • 101.33.47.206:8081 (oth.eve.mdt.qq.com)
    Process: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
    Sent: 1.3kB in 5 packets; Received: 386 B in 4 packets
  • 157.255.4.39:443 (master.etl.desktop.qq.com), https
    Process: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
    Sent: 574 B in 6 packets; Received: 192 B in 4 packets
  • 8.8.8.8:53 (158.240.127.40.in-addr.arpa), dns
    Sent: 73 B in 1 packet; Received: 147 B in 1 packet
    DNS request: 158.240.127.40.in-addr.arpa
  • 8.8.8.8:53 (oth.eve.mdt.qq.com), dns
    Process: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
    Sent: 64 B in 1 packet; Received: 144 B in 1 packet
    DNS request: oth.eve.mdt.qq.com
    DNS response: 101.33.47.206, 101.33.47.68
  • 8.8.8.8:53 (master.etl.desktop.qq.com), dns
    Process: eda29f2cd3bc097d3168f28c41b53b14ce8957f43722b4fc07a858abdd11b3fd.exe
    Sent: 71 B in 1 packet; Received: 114 B in 1 packet
    DNS request: master.etl.desktop.qq.com
    DNS response: 157.255.4.39
  • 8.8.8.8:53 (206.47.33.101.in-addr.arpa), dns
    Sent: 72 B in 1 packet; Received: 129 B in 1 packet
    DNS request: 206.47.33.101.in-addr.arpa
  • 8.8.8.8:53 (39.4.255.157.in-addr.arpa), dns
    Sent: 71 B in 1 packet; Received: 126 B in 1 packet
    DNS request: 39.4.255.157.in-addr.arpa
  • 8.8.8.8:53 (17.160.190.20.in-addr.arpa), dns
    Sent: 72 B in 1 packet; Received: 158 B in 1 packet
    DNS request: 17.160.190.20.in-addr.arpa
  • 8.8.8.8:53 (59.128.231.4.in-addr.arpa), dns
    Sent: 142 B in 2 packets; Received: 157 B in 1 packet
    DNS request: 59.128.231.4.in-addr.arpa
    DNS request: 59.128.231.4.in-addr.arpa
  • 8.8.8.8:53 (157.123.68.40.in-addr.arpa), dns
    Sent: 72 B in 1 packet; Received: 146 B in 1 packet
    DNS request: 157.123.68.40.in-addr.arpa
  • 8.8.8.8:53 (206.23.85.13.in-addr.arpa), dns
    Sent: 71 B in 1 packet; Received: 145 B in 1 packet
    DNS request: 206.23.85.13.in-addr.arpa
  • 8.8.8.8:53 (225.162.46.104.in-addr.arpa), dns
    Sent: 73 B in 1 packet; Received: 147 B in 1 packet
    DNS request: 225.162.46.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll
    Filesize: 74KB
    MD5: 2814acbd607ba47bdbcdf6ac3076ee95
    SHA1: 50ab892071bed2bb2365ca1d4bf5594e71c6b13b
    SHA256: 5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67
    SHA512: 34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498
