Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/09/2023, 23:45

General

  • Target

    9f68e1fbaa2fae7de2f5b57822a71366fa3cee9342e02112fd459647ef3b6d74.exe

  • Size

    4.1MB

  • MD5

    dd669e99f4497aa6ef4cbdd4dff5c85b

  • SHA1

    b9340040d8d549c387808d7f14d402a8e363c761

  • SHA256

    9f68e1fbaa2fae7de2f5b57822a71366fa3cee9342e02112fd459647ef3b6d74

  • SHA512

    21b2ab2b5def4bebc385d6b120287cd524e47bda31c59219c47d1b9c8dd599e1d0fed479c2988d19615194d88490f7bd7e26d50fe1f94195f586beb2a4824726

  • SSDEEP

    98304:zav8BB0EbQfJEzxWzFXWqeAwDpVOStiEhylpYm9n:xMzEzkzFXe79VRtLIion

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f68e1fbaa2fae7de2f5b57822a71366fa3cee9342e02112fd459647ef3b6d74.exe
    "C:\Users\Admin\AppData\Local\Temp\9f68e1fbaa2fae7de2f5b57822a71366fa3cee9342e02112fd459647ef3b6d74.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:240

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/240-0-0x0000000000400000-0x0000000000A53000-memory.dmp

    Filesize

    6.3MB

  • memory/240-1-0x00000000024E0000-0x00000000025B3000-memory.dmp

    Filesize

    844KB

  • memory/240-2-0x0000000000400000-0x0000000000A53000-memory.dmp

    Filesize

    6.3MB

  • memory/240-3-0x00000000024E0000-0x00000000025B3000-memory.dmp

    Filesize

    844KB