94e3a8f25dbff86ee6fe11ee045b70055357c08ae1723598a361c96eac5e2c24

Submit
Reports

Overview

overview

Static

static

Bootkits/5...1a.exe

windows7-x64

Bootkits/5...1a.exe

windows10-2004-x64

Bootkits/6...86.exe

windows7-x64

Bootkits/6...86.exe

windows10-2004-x64

Bootkits/8...f6.msi

windows7-x64

Bootkits/8...f6.msi

windows10-2004-x64

Bootkits/f...b1.exe

windows7-x64

Bootkits/f...b1.exe

windows10-2004-x64

Rootkits/0...c7.exe

windows7-x64

Rootkits/0...c7.exe

windows10-2004-x64

Rootkits/0...6d.exe

windows7-x64

Rootkits/0...6d.exe

windows10-2004-x64

Rootkits/0...ae.exe

windows7-x64

Rootkits/0...ae.exe

windows10-2004-x64

Rootkits/0...3e.exe

windows7-x64

Rootkits/0...3e.exe

windows10-2004-x64

Rootkits/0...10.exe

windows7-x64

Rootkits/0...10.exe

windows10-2004-x64

Rootkits/2...8e.dll

windows7-x64

Rootkits/2...8e.dll

windows10-2004-x64

Rootkits/2...a4.exe

windows7-x64

Rootkits/2...a4.exe

windows10-2004-x64

Rootkits/4...1b.exe

windows7-x64

Rootkits/4...1b.exe

windows10-2004-x64

Rootkits/6...d9.exe

windows7-x64

Rootkits/6...d9.exe

windows10-2004-x64

Rootkits/7...e8.exe

windows7-x64

Rootkits/7...e8.exe

windows10-2004-x64

Rootkits/8...22.exe

windows7-x64

Rootkits/8...22.exe

windows10-2004-x64

Rootkits/9...99.exe

windows7-x64

Rootkits/9...99.exe

windows10-2004-x64

Analysis

max time kernel
240s
max time network
305s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
08-11-2023 03:15

Sharing

Copy URL

Twitter E-mail

Static task

static1

9 signatures

Behavioral task

behavioral1

Sample

Bootkits/5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a.exe

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bootkits/5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a.exe

Resource

win10v2004-20231020-en

bootkit persistence

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

Bootkits/6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286.exe

Resource

win7-20231023-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

Bootkits/6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286.exe

Resource

win10v2004-20231020-en

bootkit persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

Bootkits/8dcc573293ae9a545655a47e23f106738a190f5318c31124bd3a73b12f128df6.msi

Resource

win7-20231020-en

persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral6

Sample

Bootkits/8dcc573293ae9a545655a47e23f106738a190f5318c31124bd3a73b12f128df6.msi

Resource

win10v2004-20231020-en

persistence

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral7

Sample

Bootkits/f428b4d0673ae67472fbe212086e70eeb5b6876e80a74b59ff8ba3e6def5e9b1.exe

Resource

win7-20231025-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral8

Sample

Bootkits/f428b4d0673ae67472fbe212086e70eeb5b6876e80a74b59ff8ba3e6def5e9b1.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Rootkits/03e903602037420acf4d1bc5084923c59385c5594f3a2de6fcf320bd4746d6c7.exe

Resource

win7-20231020-en

persistence

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral10

Sample

Rootkits/03e903602037420acf4d1bc5084923c59385c5594f3a2de6fcf320bd4746d6c7.exe

Resource

win10v2004-20231020-en

persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral11

Sample

Rootkits/044d94183a778f39e47f255fcb985d20bfd885771a74217cfbca9e63d7d9936d.exe

Resource

win7-20231023-en

evasion

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral12

Sample

Rootkits/044d94183a778f39e47f255fcb985d20bfd885771a74217cfbca9e63d7d9936d.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

Rootkits/0925b8985b19d7925d68186d666b0050a4cb3f2a577d64765d770a57a2eab9ae.exe

Resource

win7-20231020-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

Rootkits/0925b8985b19d7925d68186d666b0050a4cb3f2a577d64765d770a57a2eab9ae.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

Rootkits/096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe

Resource

win7-20231023-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

Rootkits/096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe

Resource

win10v2004-20231023-en

persistence

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral17

Sample

Rootkits/0b1b37d85a27819a8b4b9d7691e55dfc93311f7d5159433d1ac09854fcb13510.exe

Resource

win7-20231023-en

vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral18

Sample

Rootkits/0b1b37d85a27819a8b4b9d7691e55dfc93311f7d5159433d1ac09854fcb13510.exe

Resource

win10v2004-20231023-en

vmprotect

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral19

Sample

Rootkits/2141974f665f4d8fecb6d8ea06add624b57f320f901368847175570ee716fd8e.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

Rootkits/2141974f665f4d8fecb6d8ea06add624b57f320f901368847175570ee716fd8e.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

Rootkits/22ee7b8104599b47313195598ffc34aafd6a6552dcce0e7b3232ced3a90ac9a4.exe

Resource

win7-20231020-en

evasion

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral22

Sample

Rootkits/22ee7b8104599b47313195598ffc34aafd6a6552dcce0e7b3232ced3a90ac9a4.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Rootkits/40fd1fcff12afcf503175d91a18d7a6f7b4ade68726328db38eb6fd74304561b.exe

Resource

win7-20231023-en

vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral24

Sample

Rootkits/40fd1fcff12afcf503175d91a18d7a6f7b4ade68726328db38eb6fd74304561b.exe

Resource

win10v2004-20231025-en

vmprotect

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral25

Sample

Rootkits/659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

Resource

win7-20231025-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

Rootkits/659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

Resource

win10v2004-20231025-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

Rootkits/757cd417096f37de99461b69b70ccc532fb294b8ecbf18e3fddaea7bb6058ce8.exe

Resource

win7-20231023-en

vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral28

Sample

Rootkits/757cd417096f37de99461b69b70ccc532fb294b8ecbf18e3fddaea7bb6058ce8.exe

Resource

win10v2004-20231025-en

vmprotect

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral29

Sample

Rootkits/84ed7fec67de5621806dbb43af5167a5fc60ab7f2403448519dc0eca2b8f9022.exe

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

Rootkits/84ed7fec67de5621806dbb43af5167a5fc60ab7f2403448519dc0eca2b8f9022.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Rootkits/9114dc1c44f6a1b7d63ca95e04541d833c49a3e65a717471042bd0ec19a3eb99.exe

Resource

win7-20231023-en

persistence

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral32

Sample

Rootkits/9114dc1c44f6a1b7d63ca95e04541d833c49a3e65a717471042bd0ec19a3eb99.exe

Resource

win10v2004-20231023-en

persistence

windows10-2004-x64

5 signatures

150 seconds

Report Analysis Logs

General

Target

Rootkits/659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe
Size

9KB
MD5

83720e64aa1388d55324a22536bd39cd
SHA1

8fa3636a7697f953d7daa02a313981b9e3bc98e4
SHA256

659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9
SHA512

0ab402911cdefceb9a6ade0b968b10c628fed6da17097b8cd943f76527078a597425c8d0845bb86f0318ee1967dd3f43aa951f822b79933da475eb1ace70922d
SSDEEP

192:V06wXINaG3GO/p/gqEQ3UCp3syXOYWmvmKI7H:VnNt/1gG3Hp3ToUjI7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

pid process

2772 659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

description pid process

Token: SeLoadDriverPrivilege 2772 659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

pid	process
2772	659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

description	pid	process
Token: SeLoadDriverPrivilege	2772	659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Rootkits\659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe
"C:\Users\Admin\AppData\Local\Temp\Rootkits\659e0d1b2405cadfa560fe648cbf6866720dd40bb6f4081d3dce2dffe20595d9.exe"
1⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2772

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads