Overview

overview

7

Static

static

3

969f133d61...67.exe

windows7-x64

7

969f133d61...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    969f133d61986ccccfdfc4c6f746b867.exe

  • Size

    500KB

  • MD5

    969f133d61986ccccfdfc4c6f746b867

  • SHA1

    71075f4b24aafd1339627dee3f7531f12fe60938

  • SHA256

    cc756b37d620316333438196441d932dba6748092b17a162eded5ba4bb4689fa

  • SHA512

    8abadbb818d3d6e320f9df3e8b19e0322c30aa8d50701a7b5806f6f731558f43fec7c5c8acb8d59a1d80cdf95a5c5931926bb8df4841889ec2e33815b0d9e3eb

  • SSDEEP

    12288:AggTl+IQtTDtW70TsVK5bfeaUmKcc7HIUriC:2lGtAdK5WaU4iri

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\969f133d61986ccccfdfc4c6f746b867.exe
    "C:\Users\Admin\AppData\Local\Temp\969f133d61986ccccfdfc4c6f746b867.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\969f133d61986ccccfdfc4c6f746b867.exe
      "C:\Users\Admin\AppData\Local\Temp\969f133d61986ccccfdfc4c6f746b867.exe"
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Users\Admin\AppData\Local\Temp\969f133d61986ccccfdfc4c6f746b867.exe
        "C:\Users\Admin\AppData\Local\Temp\969f133d61986ccccfdfc4c6f746b867.exe"
        3⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2140
  • C:\Program Files (x86)\vsc1.exe
    "C:\Program Files (x86)\vsc1.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Program Files (x86)\vsc1.exe
      "C:\Program Files (x86)\vsc1.exe"
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files (x86)\vsc1.exe
        "C:\Program Files (x86)\vsc1.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\vsc1.exe
    Filesize

    500KB

    MD5

    969f133d61986ccccfdfc4c6f746b867

    SHA1

    71075f4b24aafd1339627dee3f7531f12fe60938

    SHA256

    cc756b37d620316333438196441d932dba6748092b17a162eded5ba4bb4689fa

    SHA512

    8abadbb818d3d6e320f9df3e8b19e0322c30aa8d50701a7b5806f6f731558f43fec7c5c8acb8d59a1d80cdf95a5c5931926bb8df4841889ec2e33815b0d9e3eb

    Download Submit

  • \Windows\SysWOW64\MSWINSCK.ocx
    Filesize

    124KB

    MD5

    40fce4be52f6015c23fd96a4b3351357

    SHA1

    f4a23cee42125f20444a4b005555d631df2aaacf

    SHA256

    a0bf5f1ed8d34fd0b6cb1432618986f90256ef4f8c86a1460823e6dfa8edd8ca

    SHA512

    69f7a8c8a5e82a2c975e410d834aa24ed0b1a32f592fb85eac15b8d3c1bee2dc1c1c88c0dbba0435339cde92e437efebf66c7c15dde1153338b4bd3e536fc922

    Download Submit

  • memory/1076-94-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1076-81-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1076-89-0x0000000000400000-0x000000000043B22C-memory.dmp

    Filesize

    236KB

    Download

  • memory/1232-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1232-14-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1232-12-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1232-17-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1232-87-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1232-2-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1232-6-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1232-4-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2140-22-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2140-45-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2140-46-0x0000000000400000-0x000000000043B22C-memory.dmp

    Filesize

    236KB

    Download

  • memory/2140-18-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2140-20-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2140-28-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2140-30-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2140-24-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2868-77-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2868-88-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download