Overview

overview

6

Static

static

3

e90a5d12a3...61.exe

windows7-x64

6

e90a5d12a3...61.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    08/10/2023, 04:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861.exe

  • Size

    4.8MB

  • MD5

    6d88ff323d79bec07b8f05512b788c7b

  • SHA1

    d4643d5cbfd2f63baa2aab3c93019eadf7098238

  • SHA256

    e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861

  • SHA512

    7f2b914d3d4606fb0c10429b6bb34621de0a46d00aa5d3a587973a70bb8e250a629f95b6589ea94edd1020dbc4e54ce0a283ee022da70f990596fd75d6373ee5

  • SSDEEP

    98304:sGxpLcyusiCv+mAfXirOzKrfnhPpgAAotPPRLy74N4OukzPaWGZq0fq:NVvTOyh+yPNy8NLukLaWGZb

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861.exe
    "C:\Users\Admin\AppData\Local\Temp\e90a5d12a37b56b6db35f8f04b49e6224bbc9d5b0e0a5ad319c30f32c2e85861.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2152

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\atrace.dll
          Filesize

          108KB

          MD5

          30c2df6ada9e0d888a5480dbc64df3ed

          SHA1

          9aa5e8b136a3e01edd5765f49ff5b2dc9eafd866

          SHA256

          f0e235b09c118b03371020358f2684c44d17454964fbfd0776deb7499f4f09ba

          SHA512

          0083511131ea38afaf80a4a83561797572d86378e1ee682bbe62dfe72298cea870e0a36e33facb393a1c04ed71a24bba325074d7237323f74e6eaef1e7720acc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\atrace.dll.bak
          Filesize

          108KB

          MD5

          ef223e0b9510157f36c68adf6809a9fa

          SHA1

          315dd983d3223ff72b203417c9efe2ba5edf760e

          SHA256

          74a35ae7d4d62b8c3c9d064f616fc5ea05ef89b7c1e6cf7538b8913b2a1b44c3

          SHA512

          a1d0e368a3d79c8a7d3ddf083cdaacb46bfbb41510e7d1b987f987b9cd57504fe37ddb33b1308dbb9c6d7a85ace0a52630a080a304465159e6613574edf6a974

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\atrace.ldb
          Filesize

          64B

          MD5

          39c2a37d34f68780987f1d6170089c21

          SHA1

          bb7d67fdece755588957ce4b905ef5c006d1622d

          SHA256

          feb232092d0a645f2116afd532aa91da9ad80889df9c0bc4439ae52ea1efff91

          SHA512

          cda19f7a4e09276563064e0f319fb74a8bfaec47ac8d8e7448058a1eebe2a56450bb76ec22edfec280b05d21c106230b91d86c94260e3167ae509f434afac1bf

          Download Submit

        • memory/2152-38-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-40-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-1-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-34-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-35-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-36-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-37-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-0-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-39-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-2-0x00000000003E0000-0x00000000003E8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2152-41-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-42-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-43-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-44-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-45-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-46-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-47-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-48-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download

        • memory/2152-49-0x0000000000400000-0x00000000013B7000-memory.dmp

          Filesize

          15.7MB

          Download