a17343227ffd56ad6cae37885507d13b8da7e85d40f9718400e79f5670b4a07f

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5055800587ff74d767ad9d7822e735c0.exe
Size

238KB
MD5

5055800587ff74d767ad9d7822e735c0
SHA1

7f2efdbaaed85e983c06a040537453b1fb15d1be
SHA256

a17343227ffd56ad6cae37885507d13b8da7e85d40f9718400e79f5670b4a07f
SHA512

ba106f705dfb6c161dec09a1c9e4a2a3981a037a8648afaee1e36801bbfb2b20f408b6126f5794db068e7ab7d0b115fd05876a2fe2032c1d1415f901476eda70
SSDEEP

6144:t9gQWC2QQ250OwGof4B98gWNlPTGQQm6agrd:tqQjQ2m8yNtTird

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	5055800587ff74d767ad9d7822e735c0.exe

C:\Users\Admin\AppData\Local\Temp\5055800587ff74d767ad9d7822e735c0.exe
"C:\Users\Admin\AppData\Local\Temp\5055800587ff74d767ad9d7822e735c0.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2888-11-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/2888-12-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2888-10-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2888-9-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/2888-8-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2888-7-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/2888-6-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/2888-5-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/2888-4-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2888-3-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2888-2-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/2888-1-0x00000000001D0000-0x0000000000213000-memory.dmp

Filesize
268KB

Download
memory/2888-0-0x0000000001000000-0x0000000001062000-memory.dmp

Filesize
392KB

Download
memory/2888-13-0x0000000001000000-0x0000000001062000-memory.dmp

Filesize
392KB

Download
memory/2888-15-0x00000000001D0000-0x0000000000213000-memory.dmp

Filesize
268KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads