d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe

Resubmissions

25-11-2023 23:27

231125-3ffngade53 8

25-11-2023 23:26

231125-3e6s9sdg6s 1

25-11-2023 23:25

231125-3eslmsdg51 1

Analysis

max time kernel
54s
max time network
74s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
25-11-2023 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

360TS_Setup_Mini.exe
Size

1.4MB
MD5

31fee2c73b8d2a8ec979775cd5f5ced7
SHA1

39182a68bc0c1c07d3ddc47cd69fe3692dbac834
SHA256

d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe
SHA512

db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650
SSDEEP

24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
700	360TS_Setup.exe

Loads dropped DLL 5 IoCs

pid	Process
2124	360TS_Setup_Mini.exe
2124	360TS_Setup_Mini.exe
2124	360TS_Setup_Mini.exe
2124	360TS_Setup_Mini.exe
2124	360TS_Setup_Mini.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	360TS_Setup_Mini.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2124	360TS_Setup_Mini.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2124	360TS_Setup_Mini.exe
2124	360TS_Setup_Mini.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2124	360TS_Setup_Mini.exe
2124	360TS_Setup_Mini.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31
PID 2124 wrote to memory of 700	2124	360TS_Setup_Mini.exe	31

C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe
"C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:101 /pmode:2
  2⤵
  - Executes dropped EXE
  PID:700
- - C:\Program Files (x86)\1700954916_0\360TS_Setup.exe
    "C:\Program Files (x86)\1700954916_0\360TS_Setup.exe" /c:101 /pmode:2 /TSinstall
    3⤵
    PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\1700954916_0\360TS_Setup.exe

Filesize
8KB

MD5
301e4b676b86ee45abdbf049f0c43771

SHA1
20c3284de7c6d7f43577426943c05e2e6e35a723

SHA256
7963e7f3361c7f98ee82a3b55cafbd972443d98e2596f4f151e145cd8c6b5e30

SHA512
80f93d424235f63a2543d8b9a307db6956689fa2fba52dd89caf3be63fec3625e91ef14cba87488a2df1cd1fcfc1a1ec2260ac3e4efce4c61250688cbf21b006

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
655B

MD5
6ebebc441aeed69252325dc7bcb64ae7

SHA1
0bc747e6e0e69eeb93cba634a7fc6372a7ce5115

SHA256
4dc785457ffb0568cedb47a36543c401f16560d5e4cb93025162b1341dc2fab5

SHA512
accc96590c4cdbcb18c2a0f0757a31d5d7716f922bdcefba26c5a02c5557e8b5aa8d207ee2df86b4f27c14dce0241408f1e85853c1bedab0f9c9ddbdd640bfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini

Filesize
829B

MD5
238ed4f875ac5639f4b660b5b0475a3d

SHA1
7cbf1b14f44893050b4c9131a7d4e890fceda835

SHA256
aeffac17235d8fa0425d83caddfc8839435f4df7ff46f1e8b416059b6cbf7aa5

SHA512
4cf19990ace1d67145b5e6403a5f8689d6fd2866f1e25df7286a6581a5e15ea09305f490f21496fa5a7d2ea41220ed9774c77179d37870e259ebe48e902295f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1700954915_00000000_base\360base.dll

Filesize
884KB

MD5
8c42fc725106cf8276e625b4f97861bc

SHA1
9c4140730cb031c29fc63e17e1504693d0f21c13

SHA256
d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

SHA512
f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

Download Submit
C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
94.5MB

MD5
eb97de4660450dd42cf08721765a5f11

SHA1
26d2e9898fec19a5e043b57e9d82454df766effb

SHA256
d9a9d37d128f199cb4529ee5248d0a6695385b419d56e62b310e2eaddb7ede49

SHA512
00a577f5d951d67dc79f34f4350fb4d1c76dd97a18c8e51f4dfdf41b965de00195fd935b58b85e1f09da02ac3b654c525a8c13cb267db4a5c3bcdc061b6e873d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
26.0MB

MD5
1842f4b905d531b2098bb15fc8321d38

SHA1
d6a4c21fd280c1b0f5081fcf83c35f6a43d7414a

SHA256
2c58f14c2bdfdf7ffb1af720ed111e1118f332f21ab7b7cae3c3504af1ae6228

SHA512
885a57c4821f92f9d66d524350ef1982ab07247a8f916f1421825b54851bd32331b56b4b76bf6ccbc833c2d50eb55dedd9705b4346d7bfc8453d0d4e1612a6a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
2.9MB

MD5
8e63d76872727d420c5f356225005e47

SHA1
cfb08cd0beb9f5db1abddf405f8bf4c5436b402e

SHA256
c0a519c7026ee3bae165e24564155296e160f91369d9671634c9133e15290ee7

SHA512
0f8d865364567699f6d2a5d9ecb65301e213ce92fc289e199eb987d0996484cb4e0a9eafa1ce0970c4a45ca856840ae2fba5d6ab861d1ffcc7b87a053a68ec67

Download Submit
C:\Users\Admin\AppData\Local\Temp\{50BBCF3E-F2E6-4d04-8A91-F0D3758CCAF2}.tmp

Filesize
3KB

MD5
b1ddd3b1895d9a3013b843b3702ac2bd

SHA1
71349f5c577a3ae8acb5fbce27b18a203bf04ede

SHA256
46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c

SHA512
93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1

Download Submit
\Program Files (x86)\1700954916_0\360TS_Setup.exe

Filesize
192KB

MD5
1cd2db92330e3d8e1bc17483d80f85c5

SHA1
08acd2fbfa2eb64f083f80ede03cc43ee07e3d7c

SHA256
77394da104e4ea747cd74321d038c866988ba16611943cbccb9facf84cc25203

SHA512
7574bc5780db5018ed999d9cf4d75fd1d15f858d05b418a1adcd96126c93b95acc933247ba1da307a97c14750bc6592d736a9f7ddec7a30a46b7e5d255d03dac

Download Submit
\Users\Admin\AppData\Local\Temp\1700954915_00000000_base\360base.dll

Filesize
884KB

MD5
8c42fc725106cf8276e625b4f97861bc

SHA1
9c4140730cb031c29fc63e17e1504693d0f21c13

SHA256
d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

SHA512
f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

Download Submit
\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
88.1MB

MD5
462a26da06d7a168857b62278d33ad95

SHA1
23d100fe19ac7df4c2e857de75f215d8481c159b

SHA256
eda3072d37055f6a28c290fb66e54a29489ee18d10d8e48141c629c960b39ec0

SHA512
3b149ee5043f7bcef06051dc1c5f54221c0b1df3d6c470d670562ff7477e7c80105990843889ef1b41eec90419ebe437f1c42cf44d161a62b0660a6b74c869e1

Download Submit
\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
52.3MB

MD5
93fcf31f2c07eb6fa8786f40caf7e057

SHA1
7b038697d45f060541b91007b7c6fa2c15c290b0

SHA256
1252e3b3973d9840a0a7f37d1dcf64a90ad16fc7a68902647d40e27afdc88b31

SHA512
43dc386d6d0080d21b6126ab1aedefd2ade8a0c4653e17e18e17fb33e836361d72756f1cbd96ab9da6059b8c1e100053e76cc3c0796ca8652e22333d8736d0dd

Download Submit
\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
55.2MB

MD5
4109d16a9719bca4a3ef80cc7b035b6c

SHA1
542d362a6ebc46c093662892a389fb1675f8585b

SHA256
5e890d1c6bbe40070f2c3bf5b48810d76267ecf043be4975d8cff22c47a39a0f

SHA512
22c9f59dbdc6be97298e99d7af976b9e989eb3c27d71b8bb5a9b2db4ed3f22fc23980f1b22e16c079b5f4f8185e5fc2a0fe13a0d7656a6342cc70dac9dc5e95d

Download Submit
\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

Filesize
52.8MB

MD5
55260120c2fd6394df27f7e74a2e5d48

SHA1
f87df5d51b6706f2b3d066c56ab271463031630d

SHA256
13b904840cc300887d4342e847d53204b009479204b0140a62969f117a6fab15

SHA512
b1866f170c627bcf877ddc4c82a867e7d18580b6ce82857b4f7bab9078320e3df4f41748e698e7ead7186896fcb7d75449d07d28f7c7464c86da0ba08549f8a9

Download Submit
\Users\Admin\AppData\Local\Temp\{ECAFB6A3-CA79-4e22-8C1C-F50FC51B1605}.tmp\360P2SP.dll

Filesize
824KB

MD5
fc1796add9491ee757e74e65cedd6ae7

SHA1
603e87ab8cb45f62ecc7a9ef52d5dedd261ea812

SHA256
bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60

SHA512
8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d

Download Submit
memory/2124-36-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/2124-12-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads