Overview

overview

7

Static

static

7

018ddb4be3...af.exe

windows7-x64

7

018ddb4be3...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2023 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    018ddb4be30ecbd3c73c984d9f628baf.exe

  • Size

    345KB

  • MD5

    018ddb4be30ecbd3c73c984d9f628baf

  • SHA1

    34c069ffc39b0694bd5f7e217e460fd1892d89f9

  • SHA256

    0634f3329ffe43fe810e7e3839a2fd6b405f191c3ef392c3ff8207ee955f63ae

  • SHA512

    5cfb71edad4b45f25460dc02f80e784663b324b244518e1c6654f6308ff17bf39e1412f1566afe105f8a9230e062031bfbc5ab2b8ba7d2f2cbc6aeba63e0b727

  • SSDEEP

    6144:cLhb9c0JB1V7V4BKx4OYke4DKEbYznfeEJrDu9GBXQf1RVi9uIu:cLDcQnVOG4OYke4YznfeEeGBANzi9uIu

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\018ddb4be30ecbd3c73c984d9f628baf.exe
    "C:\Users\Admin\AppData\Local\Temp\018ddb4be30ecbd3c73c984d9f628baf.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bki690A.tmp
    Filesize

    172KB

    MD5

    fe763c2d71419352141c77c310e600d2

    SHA1

    6bb51ebcbde9fe5556a74319b49bea37d5542d5e

    SHA256

    7fdf10ca02d2238e22fda18dfbede9750da9f257221802c8b86c557c19c9bc7b

    SHA512

    147b3a525b1fef98ae46923dcbe25edfcf7b523f347857466eefa88f09ec053ba309dfbee5f1454ec64aba0518ee21986c4b6a506f8550efb1163c8f04d7482c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1815711207-1844170477-3539718864-1000\58b509c3f65696668c836e38a17ee52b_06e98980-15b5-4d19-8f6d-e648d137a418
    Filesize

    52B

    MD5

    71f0a0976ffb68beb323f97d898bde77

    SHA1

    c89707a323bd14f34b97390cb8be7cf92113431e

    SHA256

    5c4647f65619cae1cf6a0ee07865199b68bdd3a825501f403866e11201ccd388

    SHA512

    620c78bbacdbadb92543ecc5a7a49d43ff5a0d1ec701fb301c9cd074df3a97b0c7a786de87b7680cde8f9dc85b7a43305b4bd7e06f4b7464d7afcf97628e610e

    Download Submit

  • memory/2576-0-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2576-8-0x0000000000A40000-0x0000000000AB3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2576-7-0x0000000000A40000-0x0000000000AB3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2576-9-0x0000000002730000-0x0000000002731000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2576-17-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2576-18-0x0000000000A40000-0x0000000000AB3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2576-62-0x0000000000A40000-0x0000000000AB3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2576-63-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2576-64-0x0000000000A40000-0x0000000000AB3000-memory.dmp

    Filesize

    460KB

    Download