232e37f46934a69faabc777bc37bb41b113c984f6c2b3fcda3af8e982e63f919

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

534dee86498e7e44ba82dc10921e8fea.exe
Size

158KB
MD5

534dee86498e7e44ba82dc10921e8fea
SHA1

6344056035c8342ba4614a8a5c70461efe6a31b5
SHA256

232e37f46934a69faabc777bc37bb41b113c984f6c2b3fcda3af8e982e63f919
SHA512

92edff417c5f8efa51e04e5ead97ed40855acbb6a849d4ca5748901ff4f79bc8b15813fac78f7e3c7cbd82a43f1838972ce6d036285495a392891a045afadb06
SSDEEP

3072:Wo7/uZASUJkBhNZAxdJIeQ7hqrw1o98PsMBv3MCmJpfVM:/QAS4KfKx/8GcsMBvMCmJpfK

Score

10^/10

bootkit evasion persistence

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 2 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	534dee86498e7e44ba82dc10921e8fea.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	534dee86498e7e44ba82dc10921e8fea.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mdc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\534dee86498e7e44ba82dc10921e8fea.exe"	534dee86498e7e44ba82dc10921e8fea.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	534dee86498e7e44ba82dc10921e8fea.exe

C:\Users\Admin\AppData\Local\Temp\534dee86498e7e44ba82dc10921e8fea.exe
"C:\Users\Admin\AppData\Local\Temp\534dee86498e7e44ba82dc10921e8fea.exe"
1⤵
- Modifies firewall policy service
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2252-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2252-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2252-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2252-1-0x00000000002F0000-0x0000000000332000-memory.dmp

Filesize
264KB

Download
memory/2252-8-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2252-11-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/2252-10-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/2252-9-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2252-7-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2252-6-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2252-19-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2252-18-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2252-17-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2252-16-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2252-15-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/2252-14-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/2252-13-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/2252-12-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2252-5-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2252-20-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/2252-4-0x00000000005E0000-0x00000000005E2000-memory.dmp

Filesize
8KB

Download
memory/2252-21-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/2252-22-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/2252-23-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2252-24-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/2252-25-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/2252-27-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/2252-26-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2252-28-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2252-29-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/2252-30-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2252-31-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2252-32-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2252-33-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2252-63-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2252-62-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2252-61-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2252-60-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2252-59-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2252-58-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2252-57-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2252-56-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2252-55-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2252-53-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2252-54-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2252-52-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2252-51-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2252-50-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2252-49-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2252-48-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2252-47-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2252-46-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2252-45-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2252-44-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2252-43-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/2252-42-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2252-41-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/2252-40-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2252-39-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2252-38-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/2252-37-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2252-36-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/2252-35-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2252-34-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2252-76-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads