3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 07:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe
Size

3.0MB
MD5

d97e31d21c1f2767f179384651ee5249
SHA1

1dbd4eb8f9f36acc3533fe50aa01a3f2145bf3b8
SHA256

3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f
SHA512

82725e30ea05796fa6341448baa7a559b63473411565c93bc4251d112832733ddf8c6de4f514952e7539384522ba4dec1481c1411aa71ee5a5fe65ff7fb39727
SSDEEP

24576:jOUA9/DTjcfykoqRPgprTtkcYCu1Dl33wb1ajC4Ky3xyuTfZHFrAK:jORTj8oCaTCcYCuDHwb0X3nD33

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\checkwritepermissions.exe	3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe

C:\Users\Admin\AppData\Local\Temp\3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe
"C:\Users\Admin\AppData\Local\Temp\3b213d65ab369c900364ac393a19f46fd9e917b023f87e66c30dcbc37c9bbc2f.exe"
1⤵
- Checks BIOS information in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Enumerates system info in registry
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x0000000000E50000-0x000000000116E000-memory.dmp

Filesize
3.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads