f1e01f66ab26c0f4ee71e837d9178a0c58e0737561fbb137d70b2a6420bcbcb8

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59d7910e842f4af8854ba06947cb686f.exe
Size

446KB
MD5

59d7910e842f4af8854ba06947cb686f
SHA1

e16b1f833f14e915b8d1dc84daa897b8829af3e9
SHA256

f1e01f66ab26c0f4ee71e837d9178a0c58e0737561fbb137d70b2a6420bcbcb8
SHA512

e1a23f376ac25ed7bf1bb4865b23b3bdf8484526b4bca489f6e348d0a00449d2708e44fc1aa5879ee8de241d2e1fb7cdf2e44c9e859b9a9d109222a9fb771e0b
SSDEEP

6144:XfLuugOvDrmqoZAWnTSntiCeZHsE1zpdKgMnJEnNk/7nS9:XfL3gOvDrmq6AWTStiu4dKgMinNye9

Score

6^/10

bootkit persistence

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\q:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\r:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\z:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\e:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\g:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\k:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\o:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\p:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\h:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\i:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\l:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\n:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\u:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\v:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\w:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\y:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\j:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\m:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\s:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\t:	59d7910e842f4af8854ba06947cb686f.exe
File opened (read-only)	\??\x:	59d7910e842f4af8854ba06947cb686f.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	59d7910e842f4af8854ba06947cb686f.exe

C:\Users\Admin\AppData\Local\Temp\59d7910e842f4af8854ba06947cb686f.exe
"C:\Users\Admin\AppData\Local\Temp\59d7910e842f4af8854ba06947cb686f.exe"
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1136-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads