Overview

overview

7

Static

static

3

2782816506...33.exe

windows7-x64

2782816506...33.exe

windows10-2004-x64

Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 04:07

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    278281650629a0d4989dd889017bec33.exe

  • Size

    96KB

  • MD5

    278281650629a0d4989dd889017bec33

  • SHA1

    eafa0b49289881294cb01f7cd6f5d516513baf9e

  • SHA256

    863508a1bf61baaec543b2c797dadd9e8cad5f3ab6a88bfbf16e3d1a5dc31371

  • SHA512

    bf91aef41f54e9d8a3bac4897fe4e50aedd44f15a11f2cc12a6a301b6dfdf7538d25911e6f6292e86078ca666caec71a43f2b9f71cbdcc4787e6c520fe9cfafb

  • SSDEEP

    1536:JWZYJMempRzD2q6JA1vMM5Js7B4kW/5Dv/rlK1V1flUmvgw89jVP:mpN9aQMqvz4Rf4w8X

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\278281650629a0d4989dd889017bec33.exe
    "C:\Users\Admin\AppData\Local\Temp\278281650629a0d4989dd889017bec33.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Users\Admin\AppData\Local\Temp\vji5AC3.tmp
      "C:\Users\Admin\AppData\Local\Temp\vji5AC3.tmp"
      2⤵
      • Executes dropped EXE
      PID:1012
    • C:\Windows\SysWOW64\CMD.exe
      CMD /C ""C:\Users\Admin\AppData\Local\Temp\vji5AB3.cmd" "C:\Users\Admin\AppData\Local\Temp\278281650629a0d4989dd889017bec33.exe""
      2⤵
        PID:4140
    • C:\Windows\SysWOW64\PING.EXE
      ping 192.192.192.192 -n 1 -w 5000
      1⤵
      • Runs ping.exe
      PID:1068

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5008-0-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/5008-9-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download