Overview

overview

7

Static

static

3

6a74aa78d1...70.exe

windows7-x64

7

6a74aa78d1...70.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a74aa78d1802cd22d0ebfa338279470.exe

  • Size

    440KB

  • MD5

    6a74aa78d1802cd22d0ebfa338279470

  • SHA1

    bc04ea136856e31f2333022ed2092916969ba214

  • SHA256

    dbae69266b5cd2ac0424d64ff65d2a4e48e4d16f534dad5cc27e3a67ee60a392

  • SHA512

    6c1855b066c23c6ee137216810db39b3da752c96009b8c6d7d4cdc73a715ab2d07509121e3c6037f457bdf348644951e08940a1a5567ad16f87f6c8baeb6bc51

  • SSDEEP

    12288:KgTrA1Vs5JjEOgI2UMkLwS7fqTm7Tp/MlmrRpHQJ9:zTrAU5JoOgIx7pkYdi

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a74aa78d1802cd22d0ebfa338279470.exe
    "C:\Users\Admin\AppData\Local\Temp\6a74aa78d1802cd22d0ebfa338279470.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\7F6D.exe
      "C:\Users\Admin\AppData\Local\Temp\7F6D.exe"
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      PID:1704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\7F6D.exe
    Filesize

    368KB

    MD5

    423808ee3ddd2aae654c53db95623b35

    SHA1

    573686935b245bbe669dbe30731bdf0bdf04237e

    SHA256

    69a79852efe855bcf8a57144b2fff9ab5162f9d4aad3364101f40c0b3f316a42

    SHA512

    2204436b841e4ae809b59795a7b29cab25af1f4348ecca0d64083d3cba4da6eaf6b4125fadba3ee84976b51f8465f7c0f6ae7e86dc25f178e4fd685261bb73d7

    Download Submit

  • memory/2084-0-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2084-1-0x0000000000230000-0x000000000029A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2084-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-3-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2084-16-0x0000000000230000-0x000000000029A000-memory.dmp

    Filesize

    424KB

    Download