Analysis
max time kernel: 149s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 21:48
Static task: static1
Behavioral task: behavioral1
  Sample: 1d8be23e4fb067497d62a6119b026e34.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 1d8be23e4fb067497d62a6119b026e34.exe
  Resource: win10v2004-20231215-en
General
Target: 1d8be23e4fb067497d62a6119b026e34.exe
Size: 464KB
MD5: 1d8be23e4fb067497d62a6119b026e34
SHA1: 018c990cea55c429fdc602d2f93d6a752edd3805
SHA256: 4a210e3c6c2fc8cee8cfb374c61ba2a7912022e963824d8266e20748bf7398b9
SHA512: e486f7c4f8a56ebad70a628d5a3d8b54ddeb07a37b1b1770cbee3f88d5acb8010380a1dcd1d2ec33ba421ef9877cddb7209f0da0782e52ea8fdf92d7f38b87c3
SSDEEP: 12288:4/pm2a4XMxWANZ8w5gUEnETQEIgDd0PrhVkq0YE6Jb2lDosy:4R0uMxBvhgUTEEIgMv0YE6ha7y
Malware Config
Signatures
Loads dropped DLL 9 IoCs
  pid: 2280  Process: 1d8be23e4fb067497d62a6119b026e34.exe  (same pid/process in all 9 entries)
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description: File opened for modification  ioc: \??\PhysicalDrive0  Process: 1d8be23e4fb067497d62a6119b026e34.exe
Drops file in System32 directory 4 IoCs
  description: File created  ioc: C:\Windows\SysWOW64\ÅôÉÙ.dll  Process: 1d8be23e4fb067497d62a6119b026e34.exe
  description: File created  ioc: C:\Windows\SysWOW64\ÄÚ´æ´úÂë.txt  Process: 1d8be23e4fb067497d62a6119b026e34.exe
  description: File opened for modification  ioc: C:\Windows\SysWOW64\ÅôÉÙ.dll  Process: 1d8be23e4fb067497d62a6119b026e34.exe
  description: File created  ioc: C:\Windows\SysWOW64\ceAte×¢Èë.ime  Process: 1d8be23e4fb067497d62a6119b026e34.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Modifies Internet Explorer settings
  description: Key created  ioc: \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main  Process: 1d8be23e4fb067497d62a6119b026e34.exe
Suspicious behavior: EnumeratesProcesses 15 IoCs
  pid: 2280  Process: 1d8be23e4fb067497d62a6119b026e34.exe  (same pid/process in all 15 entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
  description: Token: 33  pid: 2280  Process: 1d8be23e4fb067497d62a6119b026e34.exe
  description: Token: SeIncBasePriorityPrivilege  pid: 2280  Process: 1d8be23e4fb067497d62a6119b026e34.exe
  (these two entries alternate across all 64 IoCs, all from pid 2280)
Suspicious use of SetWindowsHookEx 4 IoCs
  pid: 2280  Process: 1d8be23e4fb067497d62a6119b026e34.exe  (same pid/process in all 4 entries)
Processes
-
- C:\Users\Admin\AppData\Local\Temp\1d8be23e4fb067497d62a6119b026e34.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1d8be23e4fb067497d62a6119b026e34.exe"
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
  PID: 2280
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 52KB
MD5: c19a9f52996c85527e500747a7d69749
SHA1: ad867382e1f3696f1a46a577c62e49cbd3b03a14
SHA256: 1c335c6d63bdf8fc0382bca35a0da10b2b0d4f338f85e18189beab13c45a942b
SHA512: e54323b141d813499b9e763de8df06870fa6a225d1403bd1bec49dc4a0996d11f53706bb6fe58a11f5dc639999a51a8f99d4241b54a1edaf75ba43a30dd78f12