Overview

overview

7

Static

static

3

4f93a8d6ba...81.exe

windows7-x64

7

4f93a8d6ba...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2023, 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe

  • Size

    13.9MB

  • MD5

    80f508eff755034e451ba4f204683a15

  • SHA1

    12a07eaf9424dd1ceef85fff3ce62820fd4eb717

  • SHA256

    4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781

  • SHA512

    c435292ed4d10a2b11eba57ac5ff9e2ea5d4e5913178d5137c886bb9c2ae6c43c2985a989774748eeb76c0d693b8e451ed77e3ad59c3e7536e93dc00cf2a2aa5

  • SSDEEP

    393216:hgCHPA3JsVCPjQYEusRdaxfP/2xrxkAQ7zVpd6:xHPA3J7MYEusRdax8yAQ9T6

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 8 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 6 IoCs
  • UPX packed file 56 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies registry class 37 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
    "C:\Users\Admin\AppData\Local\Temp\4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DmReg.dll
    Filesize

    17KB

    MD5

    c4ee552669705f3668d564ced2a32c0b

    SHA1

    72954ca98cd9d26638cc2d04a1e8f820e64e1b74

    SHA256

    06d6586943c7fd4360d10077f6b98365ed4aa4e0b7b551c97fcf98204dd78620

    SHA512

    0186058f7ee74cae9a0064e6ca3cf4f4bf2fed841741f043d3a0dcb0a00e56ea084277d7e43baa7de0c387defaa4fe18ec3536b714d392fcb0a38f832d41d3d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DmReg.dll
    Filesize

    17KB

    MD5

    c4ee552669705f3668d564ced2a32c0b

    SHA1

    72954ca98cd9d26638cc2d04a1e8f820e64e1b74

    SHA256

    06d6586943c7fd4360d10077f6b98365ed4aa4e0b7b551c97fcf98204dd78620

    SHA512

    0186058f7ee74cae9a0064e6ca3cf4f4bf2fed841741f043d3a0dcb0a00e56ea084277d7e43baa7de0c387defaa4fe18ec3536b714d392fcb0a38f832d41d3d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DmReg.dll
    Filesize

    17KB

    MD5

    c4ee552669705f3668d564ced2a32c0b

    SHA1

    72954ca98cd9d26638cc2d04a1e8f820e64e1b74

    SHA256

    06d6586943c7fd4360d10077f6b98365ed4aa4e0b7b551c97fcf98204dd78620

    SHA512

    0186058f7ee74cae9a0064e6ca3cf4f4bf2fed841741f043d3a0dcb0a00e56ea084277d7e43baa7de0c387defaa4fe18ec3536b714d392fcb0a38f832d41d3d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dm.dll
    Filesize

    1.9MB

    MD5

    5609d85fb62da8c74878defb8b05bc6d

    SHA1

    1f13f921ee03200a461e1e1f393a7700fa42fb58

    SHA256

    0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

    SHA512

    755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dm.dll
    Filesize

    1.9MB

    MD5

    5609d85fb62da8c74878defb8b05bc6d

    SHA1

    1f13f921ee03200a461e1e1f393a7700fa42fb58

    SHA256

    0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

    SHA512

    755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dm.dll
    Filesize

    1.9MB

    MD5

    5609d85fb62da8c74878defb8b05bc6d

    SHA1

    1f13f921ee03200a461e1e1f393a7700fa42fb58

    SHA256

    0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

    SHA512

    755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dm.dll
    Filesize

    1.9MB

    MD5

    5609d85fb62da8c74878defb8b05bc6d

    SHA1

    1f13f921ee03200a461e1e1f393a7700fa42fb58

    SHA256

    0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

    SHA512

    755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dm.dll
    Filesize

    1.9MB

    MD5

    5609d85fb62da8c74878defb8b05bc6d

    SHA1

    1f13f921ee03200a461e1e1f393a7700fa42fb58

    SHA256

    0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

    SHA512

    755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Ç¿»¯ÅäÖÃ.ini
    Filesize

    1KB

    MD5

    8804f56b2ace8dd4169922d73239dc3a

    SHA1

    1a41dab9881f68d6b0e8cbb961004b85fa870527

    SHA256

    cc5e1d96ce9191b714cd0d960ba38585449bce468efc5ec0484b120c1298b2d0

    SHA512

    dda1a9600ecfe330308c817c5fdad39eeaa72eff545facfc503f969d4475db0cfcde49283cf24cd0dbe74ba65c1d4bf000ae16cab27da764cc353f47cd35ba03

    Download Submit

  • memory/3872-157-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-259-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-151-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-153-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-155-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-133-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-159-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-161-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-163-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-165-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-167-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-169-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-171-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-173-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-175-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-177-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-179-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-147-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-145-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-143-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-141-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-256-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-253-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-149-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-260-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-139-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-267-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-268-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-138-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-274-0x0000000008F60000-0x0000000008F72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3872-135-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-137-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-136-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3872-276-0x0000000008F60000-0x0000000008F72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3872-277-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-278-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-279-0x0000000008F60000-0x0000000008F72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3872-280-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-281-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-282-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-283-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-285-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-287-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-289-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-291-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-293-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-295-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3872-297-0x0000000008BA0000-0x0000000008E16000-memory.dmp

    Filesize

    2.5MB

    Download