36b65f55cf00d2bfd35e65ac4321e9b97f3e1538f77ae7a9b3a53c3c38cd43cd

Analysis

max time kernel
119s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

098b4e4d0baadb9ece890679f5ad7606.exe
Size

1.1MB
MD5

098b4e4d0baadb9ece890679f5ad7606
SHA1

cc1c256162ad0f5c4ead23c9584100252db14712
SHA256

36b65f55cf00d2bfd35e65ac4321e9b97f3e1538f77ae7a9b3a53c3c38cd43cd
SHA512

dc69f1af2c631de760da388bc1eb707fd822bbbb088122e9362ed2ddeda706a365a03abbfafa25e22a2958e85b6ffd27af55e8b5d201c0464b5754dc03ca0292
SSDEEP

24576:hR857AaW/2O6WbldghTSva3dl0M4VIsAvkGrLTGvCBHX5Ln:hR8klQLtl0Md8SGvCB357

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	098b4e4d0baadb9ece890679f5ad7606.exe

C:\Users\Admin\AppData\Local\Temp\098b4e4d0baadb9ece890679f5ad7606.exe
"C:\Users\Admin\AppData\Local\Temp\098b4e4d0baadb9ece890679f5ad7606.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\INS6934.tmp

Filesize
933KB

MD5
3381d5ba62863f6cdf81b8c7d5fbc85e

SHA1
408eaa20149c3d6fd358fa686ff6af1371f0e14f

SHA256
3af2ad2b5b9b8603fac1e8b81ddab6bef31b1767df4607e53170df524e8394be

SHA512
90e11437209d0988e44b202f3e849bb3377fba02266d469fd4cad5ee98e71996cbed49052436a3529c26c910cdf987383458c97c61ddba69be0b8aaf7fda960b

Download Submit
memory/1688-0-0x0000000000400000-0x00000000009C0000-memory.dmp

Filesize
5.8MB

Download
memory/1688-1-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/1688-2-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1688-8-0x0000000000400000-0x00000000009C0000-memory.dmp

Filesize
5.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads