Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2023 16:08

General

  • Target

    04fb5cc82c95084bdc0917c8e075e695.dll

  • Size

    320KB

  • MD5

    04fb5cc82c95084bdc0917c8e075e695

  • SHA1

    9fd01d44625937c6a52e8c2ac64630cbaca30a0f

  • SHA256

    e6bcd78acc58e841abc3c1088b1c72cfe1b133e3f6a13b14f3d55fbd0a50533b

  • SHA512

    e6638184dac8a216690cfd3ebf0e7368df1def0c13df2385389c2d1e9709737e407ae394f87d537a826a5dc61438339e2ea9d19213674b83474360ce6243a4c9

  • SSDEEP

    6144:3OsTbexTfao5qgARPrTFFoKfoV1G2n5Dbv+QSNp2E2ClsalDeOy:3OsoLaGqTrTFFoKfoa2nNz+bNp2E2asg

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04fb5cc82c95084bdc0917c8e075e695.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\SysWOW64\rundll32.exe (child process)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\04fb5cc82c95084bdc0917c8e075e695.dll,#1
      • Writes to the Master Boot Record (MBR)
      PID:2980

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2980-3-0x0000000000720000-0x000000000076F000-memory.dmp

    Filesize

    316KB

  • memory/2980-0-0x0000000000720000-0x000000000076F000-memory.dmp

    Filesize

    316KB