45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe
Size

488KB
MD5

6329f4c1f13f61e8c8ee29318e339c10
SHA1

706f36b10aeebd728458921301db16f680f6bb1a
SHA256

45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5
SHA512

bb450a5e9ba784e172b04e4445ea1ff728b76aab6d43961d53b6edde96fe4020a5d719728aa6eaefc483b411755497f84aa2aafc01d9dbb45da49c6555b04767
SSDEEP

12288:0iiP116ZsM+w6RSznAZ0OPHsMHT847BI:C1iZ6RSzn2Y47B

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4048 set thread context of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22
PID 4048 wrote to memory of 916	4048	45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe	22

C:\Users\Admin\AppData\Local\Temp\45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe
"C:\Users\Admin\AppData\Local\Temp\45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Users\Admin\AppData\Local\Temp\45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe
  "C:\Users\Admin\AppData\Local\Temp\45dfd4cd57257e9fb4b967c4a6bd4059399615cf8ecb39fd692025f4f241c3d5.exe"
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-13-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/916-11-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/916-10-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/916-12-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/916-8-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/916-5-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/916-14-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4048-2-0x0000000005380000-0x0000000005924000-memory.dmp

Filesize
5.6MB

Download
memory/4048-4-0x0000000004C50000-0x0000000004CB6000-memory.dmp

Filesize
408KB

Download
memory/4048-0-0x0000000000200000-0x0000000000280000-memory.dmp

Filesize
512KB

Download
memory/4048-9-0x0000000074FF0000-0x00000000757A0000-memory.dmp

Filesize
7.7MB

Download
memory/4048-3-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

Filesize
64KB

Download
memory/4048-1-0x0000000074FF0000-0x00000000757A0000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads