Overview

overview

7

Static

static

3

226a219536...04.exe

windows7-x64

7

226a219536...04.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 00:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    226a219536e4ec011d44e74650455e04.exe

  • Size

    344KB

  • MD5

    226a219536e4ec011d44e74650455e04

  • SHA1

    4047a8bfe816fd684b0c5a03e3fe297ea253e592

  • SHA256

    623683db1d6af3e783264c488e66c0536d0253976b255dbe488ffb99fca047e1

  • SHA512

    509a000bfede46b559822613476d24333a99cfd92366cb1ebf0538525f0e6611c77d0bc917fc56962e2faff3fc0ff08897f022f1b4df3ce115dcff7b1bedb658

  • SSDEEP

    6144:gQ0uize3ljwCPbp17u2Bc+zh2EgBu/YF098gWNlPTGQQm6agrd:gwVljnPP7ul+zFI5NtTird

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\226a219536e4ec011d44e74650455e04.exe
    "C:\Users\Admin\AppData\Local\Temp\226a219536e4ec011d44e74650455e04.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2680
  • C:\Windows\SysWOW64\VPort1.1.exe
    C:\Windows\SysWOW64\VPort1.1.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
    Filesize

    178KB

    MD5

    68a98913b6caf4c662fc84aa1023c524

    SHA1

    3afa43fd4a03d889e2b4873edd9e8c9a1a53d6d1

    SHA256

    85ef3534bca5cedb2fbf822ff9e8d02dd9f26cd6508bfbbd12e873075867e7d2

    SHA512

    1b5460ec4abf2131b2768ba8c8bc3b32858fa53fa5013306cd108526d8d1712052bbcec0a8da2bc15263c362a59c5390965ccf51781d64b8e3c70d12c8a69e19

    Download Submit

  • memory/2020-7-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-4-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-11-0x0000000000400000-0x0000000000401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-12-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-10-0x0000000000470000-0x0000000000471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-9-0x0000000000440000-0x0000000000441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-8-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-0-0x0000000001000000-0x0000000001098000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2020-2-0x0000000000420000-0x0000000000421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-3-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-1-0x0000000000390000-0x00000000003D3000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2020-31-0x0000000000390000-0x00000000003D3000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2020-30-0x0000000001000000-0x0000000001098000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2592-28-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2680-29-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2680-22-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download