Overview

overview

7

Static

static

3

20862f0020...bd.exe

windows7-x64

7

20862f0020...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20862f00206aa4168de555a1806a77bd.exe

  • Size

    344KB

  • MD5

    20862f00206aa4168de555a1806a77bd

  • SHA1

    1e6c3d83a3ceb00ea6527dda17eefbf587e09350

  • SHA256

    7ec7fa6390a34fadae2313d37bdaf5d10a3dd87391c57e92835c7fafe89fd0e3

  • SHA512

    8f732d99b306895472354e40277f8b3aceb4971665495abc72bdc3e8b9f8a16c61aeeff61961d4f00a1c9ea151944f79989b354055d8440e1a131af47564c6f7

  • SSDEEP

    6144:UyuQUf1MgsLQcDtVnobOJwth9Pkyu+ZCF5/2JdhryOWpkYQRYUFEg9TBJu4yx:/xQQUbd9PkyzCF5OfkfkDEg9Tru3

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20862f00206aa4168de555a1806a77bd.exe
    "C:\Users\Admin\AppData\Local\Temp\20862f00206aa4168de555a1806a77bd.exe"
    1⤵
    • Checks BIOS information in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:1592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads