abf122bfbad8ae0c006b26de16cd883fd61a1ebcbff65ff464851ac8170841fd

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2094643eb8c43749b052e18d6c8ef07a.exe
Size

505KB
MD5

2094643eb8c43749b052e18d6c8ef07a
SHA1

e0deb7b1cd9639e419235246fee95c9e766fdbc8
SHA256

abf122bfbad8ae0c006b26de16cd883fd61a1ebcbff65ff464851ac8170841fd
SHA512

4fcdd6a299a10ee5320073d173d583e21e9fbb529e027adc481d03146b9c2761898bb0c4070757a6f0d13deaefe825582fbb9242e79dbc569f87467701cb2059
SSDEEP

6144:gxd0r+zwr2rNy8daL6ku/GWSHaXCMMN+3rhmBF9Z9wBjufk41SWJyuWETo:EdHsr2rNv6aGTSIF9YU84IfuXo

Score

6^/10

bootkit persistence

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\z:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\h:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\l:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\q:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\t:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\v:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\x:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\y:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\g:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\m:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\r:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\u:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\w:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\i:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\j:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\n:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\p:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\e:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\k:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\o:	2094643eb8c43749b052e18d6c8ef07a.exe
File opened (read-only)	\??\s:	2094643eb8c43749b052e18d6c8ef07a.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2094643eb8c43749b052e18d6c8ef07a.exe

C:\Users\Admin\AppData\Local\Temp\2094643eb8c43749b052e18d6c8ef07a.exe
"C:\Users\Admin\AppData\Local\Temp\2094643eb8c43749b052e18d6c8ef07a.exe"
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2416-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads