ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c

Analysis

max time kernel
39s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
Size

12.3MB
MD5

bdb39115bcf0eb360a9b167176e8f019
SHA1

2caf01a06dac20237cc6d060e1f5d70c7eacc2dd
SHA256

ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c
SHA512

d941347ad7e571d0d8f334e35e864aba5e519c06747739053f43f5e24b1a67cf19ad07bf10887296e8f2f1f2f805197ed4d4f019faa4111965192f1bc4256a18
SSDEEP

393216:rw4PtRh+ma1t2fJK15IFd5niDuefpUZQHB19md:U4PtRh+ma1QI15wniiefv9S

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
3544	ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe

C:\Users\Admin\AppData\Local\Temp\ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe
"C:\Users\Admin\AppData\Local\Temp\ab53f68d511054f93f24644e31eb2e29dd4c8a8e234ce6c74aef95c5de0b5d0c.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3544-0-0x0000000010000000-0x00000000100DA000-memory.dmp

Filesize
872KB

Download
memory/3544-8-0x00000000043F0000-0x000000000458D000-memory.dmp

Filesize
1.6MB

Download
memory/3544-18-0x00000000048E0000-0x00000000048F0000-memory.dmp

Filesize
64KB

Download
memory/3544-25-0x00000000048E0000-0x00000000048F0000-memory.dmp

Filesize
64KB

Download