Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/02/2024, 11:33

General

  • Target

    fabda82b69857866e19c933af976f4d8779fe8a797a0c92338d4ef5cbb68d6a4.exe

  • Size

    3.8MB

  • MD5

    bb6125e59ee56310c627ecead3e4b319

  • SHA1

    d99df8e3249441a9d58003ac1cf2a63c000e899c

  • SHA256

    fabda82b69857866e19c933af976f4d8779fe8a797a0c92338d4ef5cbb68d6a4

  • SHA512

    3efec680dd34ed5044cbb39f95391a834def0f60e2eaa838e19b8542f7f5795e5d3288db56d71257ffdc84207d5897e2b0d11f736c6ecee1172c5b6f0a7fa537

  • SSDEEP

    49152:v7Idf70vsomJNLUhLaV+fYmKMuSGOp09B/pwJrN6GFVfoPpNf9CXOnMh61RpvPNy:DIdfiKLegiKBVPG5o28N15nMApRq

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Modifies system certificate store 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fabda82b69857866e19c933af976f4d8779fe8a797a0c92338d4ef5cbb68d6a4.exe
    "C:\Users\Admin\AppData\Local\Temp\fabda82b69857866e19c933af976f4d8779fe8a797a0c92338d4ef5cbb68d6a4.exe"
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies system certificate store
    PID:5112

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\{0E39DB11-68C9-42ac-A91E-1B12697282D7}.tmp\NetBridge.dll

    Filesize

    238KB

    MD5

    8786d469338c30e0ba9fedfc62bd5197

    SHA1

    5fb12028ceae9772f938e1b98b699f0e02e32718

    SHA256

    beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f

    SHA512

    5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c

  • C:\Users\Admin\AppData\Local\Temp\{0E39DB11-68C9-42ac-A91E-1B12697282D7}.tmp\NetBridge.dll

    Filesize

    42KB

    MD5

    9a850b21b2d3a290ca9be5e389ae965d

    SHA1

    c6fb8fd418ce2320e391548085c6c5b05b015c58

    SHA256

    7e60476d6d53e694ffc5ff8d880a948637c3aa4c20d6bba04b441dcf8d6f8056

    SHA512

    61e26b9f730714da90533b8206906c5c30ae269f6c865cc54dbf65f9aaf7dcaf08a03f8428857856f3e88fce7a6cf576e62a8348cc7d2ac2bd280413b7cc9e7b

  • C:\Users\Admin\AppData\Local\Temp\{8E8FED7A-6766-4aa2-917C-D2020CF5B0ED}.tmp\7z.dll

    Filesize

    1.1MB

    MD5

    2706693dda10c6cc79eed24c56d4e5ef

    SHA1

    4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

    SHA256

    0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

    SHA512

    7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c