f185f4c68c51ce4f6a5053fadf93c32c06cf3f294c8fe698ab9c3030df26027f

Analysis

max time kernel
11s
max time network
131s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28fbe870202695f45eb49ab303fe5c5d.exe
Size

308KB
MD5

28fbe870202695f45eb49ab303fe5c5d
SHA1

4c17bda6caf6f6c04b673fd8105311382606f0e5
SHA256

f185f4c68c51ce4f6a5053fadf93c32c06cf3f294c8fe698ab9c3030df26027f
SHA512

9319af6fbdb1b391730d4e69bb6f06914c95dd707ee3031d2ed80b2784b0bdc4b2b735dbf56b2de720debe3f3d6ecde2620735ba0421941a2c597d8317a0bd13
SSDEEP

6144:HvOBo+b95SQg9T4Cn+jjEJM+1AZeHfvUoQX/F1OtlX444WGn4e1:q7kQg9chj4JMnZe/vUJiHn1K

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2392-37-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2392-67-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2392-73-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	28fbe870202695f45eb49ab303fe5c5d.exe

C:\Users\Admin\AppData\Local\Temp\28fbe870202695f45eb49ab303fe5c5d.exe
"C:\Users\Admin\AppData\Local\Temp\28fbe870202695f45eb49ab303fe5c5d.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tar3B60.tmp

Filesize
18KB

MD5
008303950fa33af69c1199ef1573a837

SHA1
34fed78b024f273a667e2e6cb9b944c4273bff5e

SHA256
331e9ea51d55d682998fc6095a22f45c30c3dafc28dfed7860f6bc55437d99f6

SHA512
8d75d095231c523373266409a0517ba724a0a1762e017cd370c6e6a488ee68ddb1be8365e3c26ccb2423915337a631c7243c61b48cef52ace07588ad6b265f80

Download Submit
memory/2392-0-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2392-37-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2392-67-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2392-73-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads