56f39d55b4425ae6b701a883d30d90a19fbd14bb0a6742cd4635a134fcebd5c9

Analysis

max time kernel
10s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c32eaacfa2267beb98b67566b67f6af.exe
Size

317KB
MD5

1c32eaacfa2267beb98b67566b67f6af
SHA1

b4f334871bea55908f42cf301ac7a21437fb58ca
SHA256

56f39d55b4425ae6b701a883d30d90a19fbd14bb0a6742cd4635a134fcebd5c9
SHA512

e0d6bf2fe00b456f02f81c1ba5617d2a47597279c7d8d7511fcad97659a2b0a7a363d6ff4f7dcee8527d4ff5ff66857fd11ef92d08da462095194d3098643322
SSDEEP

6144:Q+0wCA2yvRz7P9ncKgRvSoO3bm87hW0a7/efpB4weDm8i:QgftJnfiqomm87cX7Qf8i

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000EB0000-0x0000000000F6A000-memory.dmp	upx
behavioral1/memory/3044-42-0x0000000000EB0000-0x0000000000F6A000-memory.dmp	upx
behavioral1/memory/3044-67-0x0000000000EB0000-0x0000000000F6A000-memory.dmp	upx
behavioral1/memory/3044-72-0x0000000000EB0000-0x0000000000F6A000-memory.dmp	upx
behavioral1/memory/3044-73-0x0000000000EB0000-0x0000000000F6A000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	1c32eaacfa2267beb98b67566b67f6af.exe

C:\Users\Admin\AppData\Local\Temp\1c32eaacfa2267beb98b67566b67f6af.exe
"C:\Users\Admin\AppData\Local\Temp\1c32eaacfa2267beb98b67566b67f6af.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_857C774C8729F7D82800305256AB7560

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
3KB

MD5
0be466a59a8e2848651e6cf88f001956

SHA1
1e518136fde1983d6a7f3a95a753b5496b9220b5

SHA256
5bce0c98da565579ad2ece5c8c6c98bb5120bec74d4e40182a7a27d8297d585a

SHA512
c6a51e8c4491ce12cf536877789ff72405c4627c2b2daf7a5d40f93c54aeec335937092bce9b9076a42476457a72abecd8d2ead9e9e1e93dccbe537f8ff97464

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3345.tmp

Filesize
62KB

MD5
c393769d8544c875f37a0b37e9d0ecaf

SHA1
2c664cf18839e188ba13f765b919400724c3219f

SHA256
54f37a4aba9d7864c92e2e9830dcb2c3d01c5b924e18cbf38fc91f6e6c6c2628

SHA512
04def50b0a36f35991a4f141250d5af09cac235581ac7f0cee5a91d453b31966aa4aa654465ffd07b817f6430aeba570b69872dc1aeed1ef23584f76ab4c6fb0

Download Submit
memory/3044-0-0x0000000000EB0000-0x0000000000F6A000-memory.dmp

Filesize
744KB

Download
memory/3044-42-0x0000000000EB0000-0x0000000000F6A000-memory.dmp

Filesize
744KB

Download
memory/3044-67-0x0000000000EB0000-0x0000000000F6A000-memory.dmp

Filesize
744KB

Download
memory/3044-72-0x0000000000EB0000-0x0000000000F6A000-memory.dmp

Filesize
744KB

Download
memory/3044-73-0x0000000000EB0000-0x0000000000F6A000-memory.dmp

Filesize
744KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads