Overview

overview

7

Static

static

7

2917e9ae12...76.exe

windows7-x64

7

2917e9ae12...76.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 15:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2917e9ae126fee0277c544dec8274676.exe

  • Size

    228KB

  • MD5

    2917e9ae126fee0277c544dec8274676

  • SHA1

    1b7743d1779b0e8d0c4e7bd93cf04f0db0e3df14

  • SHA256

    22b13848d3f286a551b2151a3c5b577f797cd5bf76e7e211b686055ed3de09d6

  • SHA512

    35f194d8de6eaf85fbc4b4644156026c3f77c62e6a9504329ff1b6576c00577eb7ebd66251bac7ee5591ae708ed3b409de11363a2f11f073758ed9c64a811b91

  • SSDEEP

    6144:osh1Z/s4BpAAx+NANgWB1zvj+5a+CG+xEe:osh1Z/Tb0WB43CGc

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\2917e9ae126fee0277c544dec8274676.exe
    "C:\Users\Admin\AppData\Local\Temp\2917e9ae126fee0277c544dec8274676.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    PID:1328

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          44KB

          MD5

          f723dcfdd5f5a7873d227cba2391d9c6

          SHA1

          63734748d6b5a85a7f12e3b58354442b54f2aaff

          SHA256

          b0c2cba67e971e027a45d3ddd2673645c1f8b8040f1e285506b06bc2ac2d0807

          SHA512

          f1fe727e9cf3f39dc3c5eadb0cd45803f0e749ae603945aa5c7300c0a235c6e69c41bc4fcff6cda9ee2595da82f33e3f731e63734e79dd6b42d4626c52e87fe1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1CAA.tmp
          Filesize

          65KB

          MD5

          7d7cdd0e9f06f7d35ffa11ec10acac9d

          SHA1

          3ce82c17b98bd7a3010f9328e989065bc2d3bed9

          SHA256

          6bec041e635fc41276931ad8d2ff14350b33da144540a062a811c4497f1e817b

          SHA512

          2b03c82c9d4e31b01243704106f98740d322c0de20b0c5df5937b15bf4b11a51084b6ec3328e60bd4a4cd27030bb91de738f2df807df2c2c1fbbb3a115d201da

          Download Submit

        • memory/1328-0-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download

        • memory/1328-50-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download

        • memory/1328-67-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download

        • memory/1328-69-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download

        • memory/1328-72-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download

        • memory/1328-73-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download

        • memory/1328-75-0x0000000000400000-0x0000000000488000-memory.dmp

          Filesize

          544KB

          Download