Analysis
- max time kernel: 9s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/12/2023, 12:56
Behavioral tasks
- behavioral1: sample 小白多功能工具箱一键修复.exe, resource win7-20231215-en
- behavioral2: sample 小白多功能工具箱一键修复.exe, resource win10v2004-20231222-en
- behavioral3: sample 小白多功能工具箱.exe, resource win7-20231129-en
- behavioral4: sample 小白多功能工具箱.exe, resource win10v2004-20231215-en
General
- Target: 小白多功能工具箱一键修复.exe (roughly "Novice Multi-function Toolbox One-click Repair.exe")
- Size: 696KB
- MD5: 469b1d27684059d4ec473f917f12e65c
- SHA1: f27e545a22b451b41bc660ad0df47ae85d536794
- SHA256: b665d6cb1351a4289643466cb009805073dc83d02a350c826707e21d71fa83b4
- SHA512: 213c04eeac156fe09a8dc55ea7d398194ddcbafc6510f65831083f34c4ba6a207caa9c89c28a921d9e8b1d03a99cabbd58d56397d1b9bbbff83307972fe0da17
- SSDEEP: 12288:pz9WeBneuUGNG/MC86kdOlEQbKKeqbJBLBkAZfz68:pzYYnRUIGC6sQEQbNbPZfzn
Malware Config
Signatures
- Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
  Bootkits write to the MBR to gain persistence at a level below the operating system. This signature fires when a process opens the raw first physical disk with write access, which is the access needed to rewrite sector 0. The report records the open, not the bytes written, so a "repair" tool that rewrites a standard boot sector and a bootkit look the same here; confirm by comparing the MBR of the affected host against a known-good copy.
  description: File opened for modification | ioc: \??\physicaldrive0 | process: 小白多功能工具箱一键修复.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeShutdownPrivilege | pid: 2624 | process: 小白多功能工具箱一键修复.exe
  SeShutdownPrivilege is the privilege required to shut down or restart the machine; enabling it is consistent with forcing a reboot after the disk write, but it is also routine for legitimate repair utilities.
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2624 | process: 小白多功能工具箱一键修复.exe (two events)
  SetWindowsHookEx installs a Windows message hook. Sandboxes flag it because low-level keyboard hooks are used for keylogging, but the report does not record the hook type, so these two events alone do not show input capture.
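As an added example (not part of the sandbox report and not code from the analyzed sample), the following Python script shows the check a responder would run after a "file opened for modification: \??\physicaldrive0" finding: parse the 512-byte MBR sector and diff it against a known-good copy to see whether the boot code, the disk signature or the partition table actually changed. Both sectors are constructed test data; the known-good sector uses the opening bytes of a standard Windows MBR, the post-run sector has its boot code replaced and the partition table left intact, which is the pattern a bootkit produces.

```python
"""MBR parse-and-diff check for a "file opened for modification: \\??\\physicaldrive0" finding.

Added example (not from the sandbox report, not code from the analyzed sample).
The two sectors below are constructed test data, not reads from a real disk.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
BOOTSTRAP_SIZE = 440           # bytes 0..439: boot code, the part a bootkit overwrites
DISK_SIG_OFFSET = 440          # 4-byte disk signature, followed by 2 reserved bytes
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


@dataclass(frozen=True)
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Split a raw sector 0 into the fields worth comparing after a suspected MBR write."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    partitions: List[PartitionEntry] = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * 16
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id == 0:
            continue  # empty slot
        partitions.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_SIZE]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> List[str]:
    """Return findings describing what changed between a known-good and a post-run sector."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    findings: List[str] = []
    if a["bootstrap_sha256"] != b["bootstrap_sha256"]:
        findings.append("bootstrap code changed")
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature changed")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Construct a synthetic MBR with one bootable NTFS partition (test data, not a real disk)."""
    code = bootstrap[:BOOTSTRAP_SIZE].ljust(BOOTSTRAP_SIZE, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    # status 0x80 = bootable, type 0x07 = NTFS; the CHS fields are placeholders
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    table = entry + b"\x00" * 48
    return code + disk_sig + table + BOOT_SIGNATURE


# Known-good sector (opening bytes of a standard Windows MBR: xor ax,ax / mov ss,ax / mov sp,7C00h)
KNOWN_GOOD_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32)
# Sector read back after the sample ran: boot code replaced, partition table untouched
POST_RUN_MBR = build_sample_mbr(b"\xEB\xFE" + b"\xCC" * 64)

if __name__ == "__main__":
    print("baseline:", parse_mbr(KNOWN_GOOD_MBR))
    print("findings:", diff_mbr(KNOWN_GOOD_MBR, POST_RUN_MBR))  # ['bootstrap code changed']
```

On a live Windows host the same sector is obtained from an elevated prompt with `open(r"\\.\PhysicalDrive0", "rb").read(512)`; the IoC path \??\physicaldrive0 in the report is the NT object-manager name of that same device. Diffing only the bootstrap hash and the parsed table, rather than the whole sector, keeps the check from flagging a harmless rewrite of the disk signature as a bootkit.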