59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa

Analysis

max time kernel
148s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29/08/2023, 21:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
Size

4.4MB
MD5

7c5eaf86659eae7804376ab6da29dd42
SHA1

5a2143282ce601b13344954a6e5a7b244f960cf2
SHA256

59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa
SHA512

9049d9082f81f8d62e7fe08dd079321a0b3d849a9e8b72afa8469bafe1284fc624df904bb1f36a5fe0d30d9f3e3971c17eaf678760494bf92d369457a79bf14b
SSDEEP

98304:4RJDQOUK5VVs0tA+tJ/7fwMaTmmneLtAxccKnktoK3ExvfamAZldb5+u4pTSACH:4TDQOUKFsWA+tJ/MNCBjutoK3EgRld1/

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 28 IoCs

pid	Process
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
1260	59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe

C:\Users\Admin\AppData\Local\Temp\59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe
"C:\Users\Admin\AppData\Local\Temp\59613bb3985a9b60853d8df6d194dd9a26abe441b7ea8174dbfc8bffd6d85eaa.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1260-0-0x0000000000400000-0x0000000000F63000-memory.dmp

Filesize
11.4MB

Download
memory/1260-1-0x0000000075B30000-0x0000000075B77000-memory.dmp

Filesize
284KB

Download
memory/1260-812-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-811-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-814-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-818-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-816-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-820-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-822-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-824-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-826-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-830-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-832-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-828-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-836-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-834-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-838-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-842-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-840-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-844-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-850-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-848-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-846-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-854-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-852-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-856-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-860-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-858-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-862-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-868-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-866-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-864-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-872-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-870-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-2547-0x0000000002B20000-0x0000000002CA1000-memory.dmp

Filesize
1.5MB

Download
memory/1260-8686-0x0000000002CB0000-0x0000000002DC1000-memory.dmp

Filesize
1.1MB

Download
memory/1260-8693-0x0000000000400000-0x0000000000F63000-memory.dmp

Filesize
11.4MB

Download
memory/1260-8695-0x0000000000360000-0x00000000003A0000-memory.dmp

Filesize
256KB

Download
memory/1260-8697-0x0000000000400000-0x0000000000F63000-memory.dmp

Filesize
11.4MB

Download
memory/1260-8698-0x0000000000360000-0x00000000003A0000-memory.dmp

Filesize
256KB

Download
memory/1260-8702-0x0000000000400000-0x0000000000F63000-memory.dmp

Filesize
11.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads