30fcccaac8405d073d8029c552d5a8708ecf452d84aec85bb3b07f733b1cc9dc

Analysis

max time kernel
163s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09d5b032bfa2cb948ba85b81976a1be6.exe
Size

708KB
MD5

09d5b032bfa2cb948ba85b81976a1be6
SHA1

946cbea12fa566daeef14513d236798140769937
SHA256

30fcccaac8405d073d8029c552d5a8708ecf452d84aec85bb3b07f733b1cc9dc
SHA512

25b8cc7bf0050addacbf140e377b2eb9d94347878a0c858417a39e24df1769d481f694254178d7d5198dda70b0d6d3559c475ea143446eab8c282f2d900e3568
SSDEEP

12288:J6w3crdt3xaJFpzrnz9cRdmlhzBRXjIj25cVFuL3uu:J60M8pzrnz9omlhlRjcTpu

Score

6^/10

bootkit persistence

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\p:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\v:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\m:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\o:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\h:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\i:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\j:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\l:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\n:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\q:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\e:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\g:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\x:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\w:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\y:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\z:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\k:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\t:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\u:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\r:	09d5b032bfa2cb948ba85b81976a1be6.exe
File opened (read-only)	\??\s:	09d5b032bfa2cb948ba85b81976a1be6.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	09d5b032bfa2cb948ba85b81976a1be6.exe

C:\Users\Admin\AppData\Local\Temp\09d5b032bfa2cb948ba85b81976a1be6.exe
"C:\Users\Admin\AppData\Local\Temp\09d5b032bfa2cb948ba85b81976a1be6.exe"
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3496-0-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads