Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 05:53
General
-
Target
5817514c2c9b6a11eaeb20dca1861360.exe
-
Size
266KB
-
MD5
5817514c2c9b6a11eaeb20dca1861360
-
SHA1
a7429c5378a386582b11ce5863e8c531d311d318
-
SHA256
55d317204822c20fd3c752374742378d461594f1f7af27bac06518c1e24d1f03
-
SHA512
5c399257fb930ac1b52b1e90377b2dd6a71c0546a3fae4e781ed0e3d51d7a5feff3a26e6ea15ae94cdf14977153b46e0cec497a3a344d9f630c87961a5c4693b
-
SSDEEP
3072:V9c0GV/ACeZbfDaLH5pl/6G8eNp2vIUZmuUxfu12KTlC4GMYNhk8tyC8/V0:xGVYvpDab5pl/58eOTZmuUxb74Z88/2
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5817514c2c9b6a11eaeb20dca1861360.exe"C:\Users\Admin\AppData\Local\Temp\5817514c2c9b6a11eaeb20dca1861360.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\uninstall.exeC:\Users\Admin\AppData\Local\Temp\uninstall.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
266KB
MD55817514c2c9b6a11eaeb20dca1861360
SHA1a7429c5378a386582b11ce5863e8c531d311d318
SHA25655d317204822c20fd3c752374742378d461594f1f7af27bac06518c1e24d1f03
SHA5125c399257fb930ac1b52b1e90377b2dd6a71c0546a3fae4e781ed0e3d51d7a5feff3a26e6ea15ae94cdf14977153b46e0cec497a3a344d9f630c87961a5c4693b