3Analysis
-
max time kernel
5s -
max time network
4s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
01-01-2024 15:27
Behavioral task
behavioral1
Sample
samples3.zip
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
samples3.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral19
Sample
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe
Resource
win10v2004-20231222-en
General
-
Target
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
-
Size
163KB
-
MD5
f435c9ea441e60844f6cd74a3d7510c1
-
SHA1
8cf5e06091086822efea0e6e1d3acdaee6c56f95
-
SHA256
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff
-
SHA512
c529064ec99ead01fa97ba0e309cbf5c8d263a3537605115a884e888a2ef1865691216eb96c8f6ca023d41ec74041cc9128dacca51e2d9585e7e10e6eb914e6c
-
SSDEEP
3072:00tTiVVFj3dTcAskPC+G4+6mIc4RmwE4j2lmm4c+JttZOKih7bDHLLbD:0VVLTnq+upI5Rmww/GtZObvbD
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system; the indicator recorded for this run is the raw disk device \??\PHYSICALDRIVE0 being opened for modification by the sample (see the IoC below).
Processes:
Process: 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
description | ioc | process
File opened for modification | \??\PHYSICALDRIVE0 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
-
Suspicious use of AdjustPrivilegeToken 16 IoCs
Processes:
Process: vds.exe
description | pid | process
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
Token: SeLoadDriverPrivilege | 2680 | vds.exe
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
Processes: 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe, cmd.exe, cmd.exe
description | pid | process | target process
PID 2000 wrote to memory of 2196 | 2000 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe | cmd.exe
PID 2000 wrote to memory of 2196 | 2000 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe | cmd.exe
PID 2000 wrote to memory of 2196 | 2000 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe | cmd.exe
PID 2196 wrote to memory of 2068 | 2196 | cmd.exe | diskpart.exe
PID 2196 wrote to memory of 2068 | 2196 | cmd.exe | diskpart.exe
PID 2196 wrote to memory of 2068 | 2196 | cmd.exe | diskpart.exe
PID 2000 wrote to memory of 2640 | 2000 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe | cmd.exe
PID 2000 wrote to memory of 2640 | 2000 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe | cmd.exe
PID 2000 wrote to memory of 2640 | 2000 | 54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe | cmd.exe
PID 2640 wrote to memory of 2676 | 2640 | cmd.exe | diskpart.exe
PID 2640 wrote to memory of 2676 | 2640 | cmd.exe | diskpart.exe
PID 2640 wrote to memory of 2676 | 2640 | cmd.exe | diskpart.exe
Processes
-
[level 1] C:\Users\Admin\AppData\Local\Temp\54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe"
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2000 -
[level 2] C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c %systemroot%\system32\diskpart.exe /S drive_clean_0.scp
- Suspicious use of WriteProcessMemory
PID:2196 -
[level 3] C:\Windows\system32\diskpart.exe
Command line: C:\Windows\system32\diskpart.exe /S drive_clean_0.scp
PID:2068
-
[level 2] C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c %systemroot%\system32\diskpart.exe /S drive_rescan_0.scp
- Suspicious use of WriteProcessMemory
PID:2640 -
[level 3] C:\Windows\system32\diskpart.exe
Command line: C:\Windows\system32\diskpart.exe /S drive_rescan_0.scp
PID:2676
-
[level 1] C:\Windows\System32\vdsldr.exe
Command line: C:\Windows\System32\vdsldr.exe -Embedding
PID:2728
-
[level 1] C:\Windows\System32\vds.exe
Command line: C:\Windows\System32\vds.exe
- Suspicious use of AdjustPrivilegeToken
PID:2680
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\drive_clean_0.scp
Filesize 22B
MD5 ac9b31ab3ed20dbe98674c6da0142492
SHA1 52713a41696fca7362cfc28b883729136ead9dff
SHA256 5c7a7823458cb3aa4305b03c8353809ce13169dce9e895ee195795e5e3abca75
SHA512 0cbf5afa71f4797a391158d5d9afa7771cf45c66108f89c8a70442bef084091bb5b5e736879c27267c2723214d9ca4457d88b908ed2ad2645e816d0ccfd3ed2d
-
C:\Users\Admin\AppData\Local\Temp\drive_rescan_0.scp
Filesize 8B
MD5 73e37297f08b2da29d5f4f2631b32044
SHA1 54f4310189a98538d79570237b4184a6524ee6da
SHA256 1ce233f67aef85aa4e5a11cf1c78114508d371931e09e6097df5924516051d20
SHA512 ca2afe275620bf4d5e7dab254360e00e791aec7601773d022dd5153ff4048f2ed8cdb017b072f4c561b307e088564650342abfd2f19dc04b2f07864d593350d8