a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7

Analysis

max time kernel
134s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe
Size

4.8MB
MD5

3aa1de974dd0317a4846b89daa8be0c6
SHA1

c12716bb695590d5b9af86dd7a47b16241349e58
SHA256

a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7
SHA512

f52dab401c525110648ecc0aff992317a8b46958e8aad38916334b9fedb8cd7ee247f866d76336f04a96c470191187b3c0609ff31fdbc300ecb17b7838bb2251
SSDEEP

98304:seLpmrmc2lAu28lkcf5YjovKqGYiOE8oLj5YINfSyo8aXN:TcmZl85gyjovK65E8ob5Sx8aXN

Score

7^/10

bootkit persistence

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1316	a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe
1316	a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe
1316	a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe
"C:\Users\Admin\AppData\Local\Temp\a522c64898d3124168b04c2c20c8b5390e6f5c24a6d122bdd1cad302cf0266a7.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\LDSGameMaster\Store\360Base\360NetUL.dll

Filesize
111KB

MD5
b5e0d4a052653ef2171d26e1d8483999

SHA1
2299710ca890a3e5cba3151683b3fee15d56d237

SHA256
3f0fef56057470dffd26c01a4058deb63487490713a46fabda34b87e0d15b30a

SHA512
feebea87b525d8f7610b5b9297a4d7d430c6afddbbba19ff9eb89aa0ab2bc686c723b232321613a36d06736aa3429cda755123577e775cb9396f71ee9b10e828

Download Submit
C:\Users\Admin\AppData\Local\LDSGameMaster\Store\360Base\Utils\LDSBasic.dll

Filesize
712KB

MD5
80cfb5ef6873c342ead95d0685b95010

SHA1
9693d883928a593f9c4ca6169d3fb95a5f14b2a7

SHA256
c51b0f004003cbf0ab1806a8c872e765c5d470aa6b106ab1677e39222532d701

SHA512
1afaa504fa7562d377abb9825330eef14180bc8c0d5bd1b384e95c703a3e99d4c9117f8ea3d80ebd19e1aa0f1fbf46e7795bd9fc0777d22b0b6f91a52d7495ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4B3F9A86-BF74-417c-9F26-FCDEF7EB08C3}.tmp\7z.dll

Filesize
163KB

MD5
f9be9442160625095182942ca99ad8f1

SHA1
e0fed7358f0fc179cb9accbe0728a2572a588109

SHA256
235f1a76da332c5b9838313818d4082dfa9382256f916b3a1735c82ff31653da

SHA512
585aa0d00e01fcb8f2972576fc769f18a5c682b7a6caffd727f6ac3b91a28b69f76fd2f113250e9e594b69c9bd5e0351c3203aad52c3afe8ca27ccb900f68b36

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads