Overview

overview

7

Static

static

3

8533ca3518...b8.exe

windows7-x64

8533ca3518...b8.exe

windows10-2004-x64

Analysis

  • max time kernel
    4s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 10:32

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    8533ca3518ee06d6219f7eaa43a2cbb8.exe

  • Size

    79KB

  • MD5

    8533ca3518ee06d6219f7eaa43a2cbb8

  • SHA1

    b9a231ca235c7eb57d9a6e0a3d47680d291cf355

  • SHA256

    8ba7d0adb180615be8923a26b3c3259201a73f0cb70b62f38c2d43445c2e8307

  • SHA512

    8fb61a514df985b1eb4b5e6960782d2adb763079c61a71efd6a8eeea8a7fe6332f90b392bee3a6a5ebe7a9a2f74349b3b7146131546f40971a1bb1e16aa3a887

  • SSDEEP

    1536:C+T052SRYaNRyGVxxsErecOUGKqPamrzHk:OYCTfskecOJvPrE

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8533ca3518ee06d6219f7eaa43a2cbb8.exe
    "C:\Users\Admin\AppData\Local\Temp\8533ca3518ee06d6219f7eaa43a2cbb8.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Users\Admin\AppData\Local\Temp\sys3.exe
      C:\Users\Admin\AppData\Local\Temp\\sys3.exe
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of AdjustPrivilegeToken
      PID:2916
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2780
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2592

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\sys3.exe
        Filesize

        79KB

        MD5

        8533ca3518ee06d6219f7eaa43a2cbb8

        SHA1

        b9a231ca235c7eb57d9a6e0a3d47680d291cf355

        SHA256

        8ba7d0adb180615be8923a26b3c3259201a73f0cb70b62f38c2d43445c2e8307

        SHA512

        8fb61a514df985b1eb4b5e6960782d2adb763079c61a71efd6a8eeea8a7fe6332f90b392bee3a6a5ebe7a9a2f74349b3b7146131546f40971a1bb1e16aa3a887

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\systm.txt
        Filesize

        70B

        MD5

        753fcf709e1bfcb4720e2d7ed2d0a42a

        SHA1

        726baebda65bb15047cf503e063859d410b9983e

        SHA256

        e40bf7b8c631bc02888a610b1c92bb6bbd4230f7989a657048cd8ff012afda79

        SHA512

        8c853348a5037713fe550dd2e0a69a42059af8516db9f60055df69e71512881a06dc49b01a3527ab52ab9da18841ab4d15708af4468813133ed7e9b9f4961c8b

        Download Submit

      • memory/2336-0-0x000000002AA00000-0x000000002AA16000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2336-10-0x000000002AA00000-0x000000002AA16000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2336-9-0x0000000000220000-0x0000000000236000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2592-14-0x00000000026E0000-0x00000000026E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2780-13-0x00000000029C0000-0x00000000029C1000-memory.dmp

        Filesize

        4KB

        Download