Analysis

  • max time kernel
    119s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2023 03:15

General

  • Target

    Rootkits/9114dc1c44f6a1b7d63ca95e04541d833c49a3e65a717471042bd0ec19a3eb99.exe

  • Size

    3.2MB

  • MD5

    c52ce9d8ecf3e5a3f1518178e468abdb

  • SHA1

    dcc2392a9c0cbf84c0fea37f4b4bd1bbde5d4cd9

  • SHA256

    9114dc1c44f6a1b7d63ca95e04541d833c49a3e65a717471042bd0ec19a3eb99

  • SHA512

    1b74eed1c9bb6b261f8b9015459790f3e91bbb44ce3e74a8a974d36d23da233f0b3ce5283413c1da1e97faa1b4c7ccad6dc794fe610adf80d1961f15b383c82f

  • SSDEEP

    49152:io6sSyg5sHNh7vo2/BPFZqMQj0HcvnafOdYCig65Mkk3pUcqtmmCgKau2FYOjRnc:DZxnKzdYcZT2YOjRN

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rootkits\9114dc1c44f6a1b7d63ca95e04541d833c49a3e65a717471042bd0ec19a3eb99.exe
    "C:\Users\Admin\AppData\Local\Temp\Rootkits\9114dc1c44f6a1b7d63ca95e04541d833c49a3e65a717471042bd0ec19a3eb99.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Drops file in Windows directory
    • Modifies system certificate store
    PID:2360

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads