2582e68d423d12beef27fd0f57ce869095953c53bc1d635e09ce003af9ac2346

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iRoundPic_3.8.8_gb/iRoundPic.exe
Size

820KB
MD5

d03e02cc3449895b5c9ec507c8ef5ab6
SHA1

28b448a129ce3d7e87e6757d07f241282859597a
SHA256

6956e9a3ce908c8fe78da04611770efb6b49d4b0139a1ffdbddc35e8793faea1
SHA512

f72e542c352db3f7cee0c22aee8455b4ece12e2a023e49e76d2a60a2e0b1a00bb55f26e3f1d425a1c6384bee96d1b71bffdfceb4a5d5f764b1b5b3f542fec6f4
SSDEEP

24576:qNvpJ0osDWL/COgIFV68V4Q6dFlJCAL44zGbpdtnEP:qXT/2If68B6dFlPHzKbtEP

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	iRoundPic.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spzfile	iRoundPic.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spzfile\shell	iRoundPic.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spzfile\shell\open	iRoundPic.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spzfile\shell\open\command	iRoundPic.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spzfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\iRoundPic_3.8.8_gb\\iRoundPic.exe\" %1"	iRoundPic.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.spz	iRoundPic.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.spz\ = "spzfile"	iRoundPic.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4904	iRoundPic.exe
4904	iRoundPic.exe

C:\Users\Admin\AppData\Local\Temp\iRoundPic_3.8.8_gb\iRoundPic.exe
"C:\Users\Admin\AppData\Local\Temp\iRoundPic_3.8.8_gb\iRoundPic.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4904-0-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/4904-1-0x00000000001D0000-0x00000000001D2000-memory.dmp

Filesize
8KB

Download
memory/4904-2-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/4904-5-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/4904-12-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/4904-13-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

Filesize
4KB

Download
memory/4904-14-0x00000000036E0000-0x00000000036E1000-memory.dmp

Filesize
4KB

Download
memory/4904-15-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/4904-16-0x00000000001D0000-0x00000000001D2000-memory.dmp

Filesize
8KB

Download
memory/4904-20-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads