Analysis

Max time kernel:   141s
Max time network:  123s
Platform:          windows7_x64
Resource:          win7-20231129-en
Resource tags:     arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
Submitted:         28/12/2023, 22:13
Static task static1
  1 signature

Behavioral task behavioral1
  Sample:    fbf0753988f6e278a9766c29de45cecd.exe
  Resource:  win7-20231129-en
  4 signatures, 150 seconds

Behavioral task behavioral2
  Sample:    fbf0753988f6e278a9766c29de45cecd.exe
  Resource:  win10v2004-20231215-en
  2 signatures, 150 seconds
General

Target:   fbf0753988f6e278a9766c29de45cecd.exe
Size:     1.6MB
MD5:      fbf0753988f6e278a9766c29de45cecd
SHA1:     5b88156909882c530235df9ab080d5144543f430
SHA256:   e5152e0c6d430377988c326fd4c4da6615bc4d3d6afbac35146513dbec6d142f
SHA512:   bfe6d67f86073821db278ca2c20fabebef7007dd49d5ea8f005bf60e24c0d436079dd5365363623e9d4249d65ea3e73d6a4c283358d045bb25f0f53265851094
SSDEEP:   49152:SqJP/j515LJzZYy8MoPDMBqPtTe/LEXB8+mJu:Z3j5fhZ52IEPtCTEeY

Score: 6/10
Malware Config
Signatures

Writes to the Master Boot Record (MBR)    1 TTPs    1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description                   ioc                 process
  File opened for modification  \??\PhysicalDrive0  fbf0753988f6e278a9766c29de45cecd.exe
  Note: this IoC records a handle opened with write access to the raw physical disk, so anything written through it bypasses the filesystem. The report shows the open, not the bytes written; which sectors actually changed cannot be read off this row alone.
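The signature above fires on a writable handle to the raw disk. As an added example (not part of this report or of any sandbox's own code), the Python below parses a 512-byte MBR sector and flags the change a bootkit typically makes: first-stage boot code replaced while the partition table and the 0x55AA signature are left intact, so the disk still boots. CLEAN_MBR and TAMPERED_MBR are constructed test images; read_mbr is the only function that touches a real device (Windows \\.\PhysicalDrive0, administrator required) and is not called automatically.

```python
"""Parse and sanity-check a 512-byte Master Boot Record.

Added example, not part of the sandbox report. CLEAN_MBR and TAMPERED_MBR are
constructed test images; only the offsets follow the real MBR layout.
"""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_END = 440      # bytes 0..439: first-stage boot code
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature, 444..445 reserved
PART_TABLE_OFF = 0x1BE   # 446: four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 510: 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Return bootstrap hash, disk signature, non-empty partition entries and signature validity."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_END]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Findings for one sector against a known-good bootstrap hash; an empty list means clean.

    Only bytes 0..439 are compared with the baseline: the disk signature and the
    partition table legitimately differ between machines, the loader code should not.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: not a valid MBR")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline: possible bootkit overwrite")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition carries the bootable flag")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has zero start or length")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw disk (Windows path shown; needs administrator). Not called below."""
    with open(device, "rb", buffering=0) as fh:
        return fh.read(SECTOR)


def build_mbr(bootstrap: bytes, entries: list) -> bytes:
    """Assemble a test MBR from 440 bytes of code and (status, type, lba_start, sectors) tuples."""
    assert len(bootstrap) == BOOTSTRAP_END
    table = b"".join(struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
                     for status, ptype, lba, count in entries).ljust(64, b"\x00")
    return bootstrap + b"\x12\x34\x56\x78" + b"\x00\x00" + table + b"\x55\xAA"


# Constructed data: a stub loader with one bootable NTFS partition (type 0x07) at LBA 2048.
CLEAN_BOOTSTRAP = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOTSTRAP_END, b"\x90")
BASELINE = hashlib.sha256(CLEAN_BOOTSTRAP).hexdigest()
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, [(0x80, 0x07, 2048, 204800)])
# Bootkit-style change: loader code replaced, partition table and 0x55AA left untouched.
TAMPERED_MBR = build_mbr(b"\xEB\x00" + b"\xCC" * 438, [(0x80, 0x07, 2048, 204800)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE) or "OK")
```

The point of the tampered case is that a present 0x55AA signature and an unchanged partition table say nothing about the loader code; an integrity check has to compare the bootstrap bytes against a baseline taken from a clean install of the same OS loader.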
Program crash    1 IoCs
  pid   pid_target  process       procid_target
  2568  1360        WerFault.exe  27
Modifies registry class    3 IoCs
  description      ioc                                                   process
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\.key               fbf0753988f6e278a9766c29de45cecd.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.key\              fbf0753988f6e278a9766c29de45cecd.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"  fbf0753988f6e278a9766c29de45cecd.exe
  Note: "regfile" is the ProgID Windows uses for .reg registry scripts (its open verb runs regedit.exe on the file), so writing it as the default value of HKLM\SOFTWARE\Classes\.key associates the .key extension with the registry-import handler machine-wide.
Suspicious use of WriteProcessMemory    4 IoCs
  description                       pid   process                               procid_target
  PID 1360 wrote to memory of 2568  1360  fbf0753988f6e278a9766c29de45cecd.exe  28
  (this row is reported four times)
  Note: PID 2568 is the WerFault.exe child that the sample itself launched when it crashed (see the process tree below). A parent writing into a process it has just created is normal CreateProcess behaviour, so these rows on their own are not evidence of code injection into another process.
Processes

C:\Users\Admin\AppData\Local\Temp\fbf0753988f6e278a9766c29de45cecd.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\fbf0753988f6e278a9766c29de45cecd.exe"
  PID: 1360
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 320
    PID: 2568
    - Program crash
    Note: WerFault.exe is the Windows Error Reporting handler for the faulting process named by -p (1360, the sample). The SysWOW64 path shows the sample runs as a 32-bit process on this x64 image, consistent with the arch:x86 resource tag.
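The process tree is what makes the WriteProcessMemory rows low value here: the target is a child the sample spawned. As an added example that is not part of the report, the Python below re-enters the report's process tree and IoC rows as literals, adds one constructed cross-process write (PID 999, explorer.exe, not in the report) for contrast, and applies the three checks a triage script would run over such data: label each memory write by whether the target is the writer's own child, flag new extension-to-ProgID associations that land on a handler which executes content, and flag writable opens of whole-disk devices.

```python
"""Triage the behaviours in the report with process-tree context.

Added example, not part of the sandbox report. The process tree and IoC rows
are the report's, re-entered as literals; PID 999 / explorer.exe and the write
into it are constructed to show the contrast with the WerFault.exe case.
"""

# pid -> (parent pid, image path). 1360 and 2568 from the report; 999 constructed.
PROCESS_TREE = {
    1360: (None, r"C:\Users\Admin\AppData\Local\Temp\fbf0753988f6e278a9766c29de45cecd.exe"),
    2568: (1360, r"C:\Windows\SysWOW64\WerFault.exe"),
    999: (None, r"C:\Windows\explorer.exe"),  # constructed
}

# (writer pid, target pid): the report's four identical rows plus one constructed write.
MEMORY_WRITES = [(1360, 2568)] * 4 + [(1360, 999)]

# (operation, key, value) from the "Modifies registry class" rows.
REGISTRY_EVENTS = [
    ("Key created", r"\REGISTRY\MACHINE\SOFTWARE\Classes\.key", None),
    ("Set value (str)", r"\REGISTRY\MACHINE\SOFTWARE\Classes\.key", "regfile"),
]

# (operation, path) from the "Writes to the MBR" row.
FILE_EVENTS = [("File opened for modification", r"\??\PhysicalDrive0")]

# Default Windows ProgIDs whose open verb runs the file or imports it into the registry.
EXECUTING_PROGIDS = {"regfile", "exefile", "batfile", "cmdfile", "VBSFile", "JSFile"}

# Object-manager and Win32 prefixes for whole-disk devices.
RAW_DISK_PREFIXES = (r"\??\PhysicalDrive", r"\Device\Harddisk", r"\\.\PhysicalDrive")


def is_child(tree: dict, pid: int, parent: int) -> bool:
    return tree.get(pid, (None, None))[0] == parent


def classify_memory_writes(writes: list, tree: dict) -> dict:
    """Map each distinct (writer, target) pair to (target image, label).

    Writing into a process you have just created is what CreateProcess does
    (and how a crashing process hands off to WerFault.exe), so only writes into
    processes the writer did not spawn are labelled as injection candidates.
    """
    results = {}
    for writer, target in writes:
        if (writer, target) in results:
            continue  # collapse the repeated rows
        image = tree.get(target, (None, "<unknown>"))[1]
        if is_child(tree, target, writer):
            label = "write into own child (expected for CreateProcess / WerFault handoff)"
        else:
            label = "write into unrelated process: injection candidate"
        results[(writer, target)] = (image, label)
    return results


def registry_extension_hijacks(events: list) -> list:
    """Return (extension, progid) for Classes\\.ext default values that point at an executing handler."""
    hits = []
    for op, key, value in events:
        if not op.startswith("Set value") or value is None:
            continue
        parts = key.rstrip("\\").split("\\")
        if len(parts) >= 2 and parts[-2].lower() == "classes" and parts[-1].startswith("."):
            if value in EXECUTING_PROGIDS:
                hits.append((parts[-1], value))
    return hits


def raw_disk_writes(events: list) -> list:
    """Paths of whole-disk devices opened for writing; any write there bypasses the filesystem."""
    return [path for op, path in events
            if "modification" in op and path.startswith(RAW_DISK_PREFIXES)]


if __name__ == "__main__":
    for pair, (image, label) in classify_memory_writes(MEMORY_WRITES, PROCESS_TREE).items():
        print(pair, image, "->", label)
    print("extension hijacks:", registry_extension_hijacks(REGISTRY_EVENTS))
    print("raw disk writes:", raw_disk_writes(FILE_EVENTS))
```

Run against the report's own rows, the memory writes collapse to a single expected parent-to-child write, while the registry and raw-disk checks are the two findings that actually carry the score.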