45cbe77c994e29e8ce6dda58f98a7bb97adbd81793e23f1d17dd4c0b4eccb021

Analysis

max time kernel
17s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ebd922312ecb04cd7e925526a288613.exe
Size

248KB
MD5

4ebd922312ecb04cd7e925526a288613
SHA1

a0578371a41fe7fd661afe68263366bf68268e75
SHA256

45cbe77c994e29e8ce6dda58f98a7bb97adbd81793e23f1d17dd4c0b4eccb021
SHA512

98162f2ff1376ab9207b52747ce6e279731178f20e4ae74fddafdedc63a171d87526abb069cff2d893414fab26c62a0294bc6f613dd50eaa04ca7a4eda4685ac
SSDEEP

6144:PAfgMHa+c6RV4HX44VajIPBBjQWcS2Z948gmDfiGif2:oRHnW4M3P/jQWcLZ948ZI2

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2128-11-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2128-64-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2128-70-0x0000000000400000-0x0000000000491000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	4ebd922312ecb04cd7e925526a288613.exe

C:\Users\Admin\AppData\Local\Temp\4ebd922312ecb04cd7e925526a288613.exe
"C:\Users\Admin\AppData\Local\Temp\4ebd922312ecb04cd7e925526a288613.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
5KB

MD5
62ec03143663a41d7f7f031e3db13ea5

SHA1
6a8d6690573a75467248eada09b5ba8f59c84061

SHA256
45d52e9274126add8386bb399053e0ab74f347a21f142266b3eaa1617f414f21

SHA512
457f2b09d0b564839b8b2b359fb618448086447b4888b886e93366c6325302ae00c3d9776af7a2951620d54dc8666716bd8cbde4b92d5427b6572e3d9a4bc69a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar46C5.tmp

Filesize
86KB

MD5
c905e9a2778e3356fda336ee2b104122

SHA1
0994b529c072843289d9ee92413a108c9f22da5e

SHA256
90306a8747d4f7c3265f4b08cfe8462546aec6a443549ad2816f47dbdbb6c493

SHA512
4bf551e8e73962a926720caa77f39c3915e935a01b8621e579feff59edee13e7b9dc799ec46fca173471e40cb250c1c64897b59592b655827fd128cd2af17b97

Download Submit
memory/2128-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2128-11-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2128-64-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2128-70-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads