Analysis
Max time kernel: 127s
Max time network: 143s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 02/03/2024, 16:33
Static task: static1
Behavioral task: behavioral1
  Sample: 89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
  Resource: win10v2004-20240226-en
General
Target: 89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
Size: 4.8MB
MD5: 223fbaa81eefd21f6cfa65f6788c8cd9
SHA1: cc718fb2ca5e375c6c30fb703e4b9d708c9b6002
SHA256: 89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde
SHA512: 1ebf751f9e9232ce6110157ac65b8d5ae0ffa6a4632845149eada926fe4410207fc7557c722cb0882399efd40074a58f0f39e0402abba6fd8806a51868688372
SSDEEP: 98304:seLpmrmc2lAu28lkcf5YjovKqGYiOE8oLj5YINfSyo8aXj:TcmZl85gyjovK65E8ob5Sx8aXj
Malware Config
Signatures
Loads dropped DLL (3 IoCs)
  pid   Process
  4860  89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
  4860  89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
  4860  89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  description                   ioc                 Process
  File opened for modification  \??\PhysicalDrive0  89f5c115b09af059deb77ada004bf3a92b06ca46df2346ed2d67f9926a32cdde.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads