Overview

overview

7

Static

static

3

3a1ac507da...2d.exe

windows7-x64

7

3a1ac507da...2d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a1ac507da24db9cc7329ed666b89d2d.exe

  • Size

    922KB

  • MD5

    3a1ac507da24db9cc7329ed666b89d2d

  • SHA1

    4c964315387ec86cb9116157bf574d580e77168b

  • SHA256

    e8f3aa04ff847a28bd0804f78fe19c50365521f8d4f96decdb89b1b3aa736a01

  • SHA512

    591f0646da5a143a5cb33e9b17e9a8de841bf90f4fde64ccdfe93030234b101c441929d9feb3edff4acbbe7533c3fa071193343220740f656bb6fffdefaebf43

  • SSDEEP

    12288:lTXOmFqdGPNR3XV6BdTIsF8KJHYW9FyK/eXZDxMlTrAqQZKeb:lT/7nV2IQYQyK2XL4lQZKA

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a1ac507da24db9cc7329ed666b89d2d.exe
    "C:\Users\Admin\AppData\Local\Temp\3a1ac507da24db9cc7329ed666b89d2d.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_60003\dp1.fne
    Filesize

    112KB

    MD5

    e4858add2d887c47dfa51bd1dcb79a41

    SHA1

    f91bc828ddd46ba7541701d3acc51502879dda8c

    SHA256

    39833271737161ce755aa02ccd9a814475df63cf746ce84c836d19b4154edf78

    SHA512

    4af41d926bb5466ada21957007a92d8399e2bcd5278d85b6061408c58db95872285180ecae2033ddc41d5185a046ffc5d30bc73c1fdd48aa2e300b5209e1f99b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_60003\krnln.fnr
    Filesize

    996KB

    MD5

    ddaf7a94619cbeaac4e0c04dbf9bce99

    SHA1

    ff142c73c0237ce29ff594cb6c287e5d210370b5

    SHA256

    fb6522d23bdb2eb2a48b5ee6d3cdfba2d1dda848922ad99dc939d718a3ab383c

    SHA512

    730268e14454f0a778db85056ae383416ea337b962aac812c6761dbe3ca0e20176c2fc1c02585bd3843cff3779b8160a92e66c773b6febd6f5165c400f89cbce

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_60003\shell.fne
    Filesize

    40KB

    MD5

    ff9ee704e385d5616dee39bf45a5b1c9

    SHA1

    205ffd103debfabbebff12e90f36715da6f29708

    SHA256

    dc34e743eb41360865131301ee67234317f570f2098df9ac1a45faa6662ecdff

    SHA512

    39ee60b5a9b931f7831efd6bd49b222cbdc5c7f2e7040564ae8f14f43de8561450a987eb6165935abe00f183a746d8135b10730d734d4233433d226d577f6e60

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_60003\xplib.fne
    Filesize

    40KB

    MD5

    1f9c82ece3c8f3bb23fe73538ffc57ef

    SHA1

    8b709ed09aeb296f1aa21d8a58c5086301e5853e

    SHA256

    02e71c2980dff2c5e6f737cca330d5abaf564f4a4f20ae48c03230eeb6ca8ec2

    SHA512

    9d682940ecc60aaacaac93d2f0333dc15c718014c2797821a6a6ce3090554fc6cb63aa56698c03f0850a71f139c68a3e42929bc5048a432ff5c11d24bd1f902d

    Download Submit

  • memory/2652-0-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2652-11-0x00000000003C0000-0x00000000003CB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2652-8-0x00000000003A0000-0x00000000003B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2652-14-0x00000000003D0000-0x00000000003EE000-memory.dmp

    Filesize

    120KB

    Download