Analysis

  • max time kernel
    9s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 12:56

General

  • Target

    小白多功能工具箱一键修复.exe

  • Size

    696KB

  • MD5

    469b1d27684059d4ec473f917f12e65c

  • SHA1

    f27e545a22b451b41bc660ad0df47ae85d536794

  • SHA256

    b665d6cb1351a4289643466cb009805073dc83d02a350c826707e21d71fa83b4

  • SHA512

    213c04eeac156fe09a8dc55ea7d398194ddcbafc6510f65831083f34c4ba6a207caa9c89c28a921d9e8b1d03a99cabbd58d56397d1b9bbbff83307972fe0da17

  • SSDEEP

    12288:pz9WeBneuUGNG/MC86kdOlEQbKKeqbJBLBkAZfz68:pzYYnRUIGC6sQEQbNbPZfzn

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\小白多功能工具箱一键修复.exe
    "C:\Users\Admin\AppData\Local\Temp\小白多功能工具箱一键修复.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2624

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads