9a7aedc24e3079877b245714478ebbdd870d6275f50b918e107f995b3c1669ad

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98f790d1d93035bb237e5524b5667d0a.exe
Size

776KB
MD5

98f790d1d93035bb237e5524b5667d0a
SHA1

79c354b25e43fcc69b1cc59fe68d74fa661915cd
SHA256

9a7aedc24e3079877b245714478ebbdd870d6275f50b918e107f995b3c1669ad
SHA512

4456d554778440bea429eb87da769674e83bbda8ebc82c3ff1c3f73ce7c1a313b247eee7eaf1e1fd17efa864294e9dd06ba9686fea31a10d39a0a7a7ab7591ef
SSDEEP

12288:YtbKjmpmut21siSNt9mvHcNwWi9Y0AFyt0gfEw2fDszdVzYKj86s74Fmdot:YUKUuziSf9yHLAwqdydpYO24wqt

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	98f790d1d93035bb237e5524b5667d0a.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	98f790d1d93035bb237e5524b5667d0a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	98f790d1d93035bb237e5524b5667d0a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	98f790d1d93035bb237e5524b5667d0a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2128	98f790d1d93035bb237e5524b5667d0a.exe

C:\Users\Admin\AppData\Local\Temp\98f790d1d93035bb237e5524b5667d0a.exe
"C:\Users\Admin\AppData\Local\Temp\98f790d1d93035bb237e5524b5667d0a.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-0-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download
memory/2128-1-0x00000000003D0000-0x00000000003D6000-memory.dmp

Filesize
24KB

Download
memory/2128-3-0x0000000000240000-0x0000000000250000-memory.dmp

Filesize
64KB

Download
memory/2128-4-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2128-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2128-7-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2128-8-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2128-22-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2128-23-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2128-21-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/2128-20-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/2128-19-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/2128-18-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2128-17-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/2128-16-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2128-15-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2128-14-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2128-13-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2128-12-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2128-11-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2128-10-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2128-9-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2128-24-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/2128-25-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2128-26-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2128-27-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/2128-28-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/2128-30-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2128-29-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads