Overview

overview

10

Static

static

3

BUG32.exe

windows7-x64

BUG32.exe

windows10-2004-x64

MEMZ 3.0/MEMZ.bat

windows7-x64

7

MEMZ 3.0/MEMZ.bat

windows10-2004-x64

7

MEMZ 3.0/MEMZ.exe

windows7-x64

6

MEMZ 3.0/MEMZ.exe

windows10-2004-x64

7

MEMZ-Destructive.exe

windows7-x64

6

MEMZ-Destructive.exe

windows10-2004-x64

7

Trojan.Win32.000.exe

windows7-x64

Trojan.Win32.000.exe

windows10-2004-x64

Trojan.Win...or.exe

windows7-x64

Trojan.Win...or.exe

windows10-2004-x64

Trojan.Win...sk.exe

windows7-x64

6

Trojan.Win...sk.exe

windows10-2004-x64

6

Resubmissions

03-03-2024 13:51

240303-q5vgpscb85 10

03-03-2024 13:45

240303-q2r76sbd9y 10

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-03-2024 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan.Win32.KillDisk.exe

  • Size

    60KB

  • MD5

    571de903333a6951b8875a73f6cf99c5

  • SHA1

    5c2ef418a36799541cec673dd7d9f87371a9e3bd

  • SHA256

    8a81a1d0fae933862b51f63064069aa5af3854763f5edc29c997964de5e284e5

  • SHA512

    dcfb8ae96ec975938592f22932a804b3105bc3293a22ed336bd9687045bc0e168e6aef9a1485f1a2d986e1d7e928221d7ee7b53f756958b700fc4dada503f309

  • SSDEEP

    1536:8f0XnibgFacx2jecu0FRf6Ut3JhH0Y4LZ2FkRg:fEecVNvhUYqS

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.KillDisk.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.KillDisk.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    PID:2296
  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SaveUse.emf"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3180
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    1⤵
      PID:3656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4032 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2960
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PushSave.mov"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3912

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\~DF688511793CCF9BB1.TMP
      Filesize

      16KB

      MD5

      5ad5cd88c4799a17ff08a104906b55f6

      SHA1

      082501fb01a58f587c2f799070c298ea1ee93bcb

      SHA256

      6a5fa3811fbaa4a72d0bb714d3b10d4a7ce5f449deb25fe39d839affc7bebc8b

      SHA512

      b5bc662b34c762c18c9b310ade671c0882c16cd2fe336d752449e85b982ed7c7ff36ed6c84aa7c8d1d9f5374f6ccc220b1ae9aae238476e6a57556b835a628a9

      Download Submit

    • memory/3912-15-0x00007FF662A30000-0x00007FF662B28000-memory.dmp

      Filesize

      992KB

      Download

    • memory/3912-16-0x00007FFAD82A0000-0x00007FFAD82D4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3912-17-0x00007FFAC2610000-0x00007FFAC28C4000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3912-18-0x00007FFAD28F0000-0x00007FFAD2908000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3912-19-0x00007FFACE860000-0x00007FFACE877000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3912-20-0x00007FFACE840000-0x00007FFACE851000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-21-0x00007FFAC4B10000-0x00007FFAC4B27000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3912-22-0x00007FFAC46C0000-0x00007FFAC46D1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-23-0x00007FFAC46A0000-0x00007FFAC46BD000-memory.dmp

      Filesize

      116KB

      Download

    • memory/3912-24-0x00007FFAC3C20000-0x00007FFAC3C31000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-25-0x00007FFAC2BB0000-0x00007FFAC2DB0000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/3912-26-0x00007FFAC1560000-0x00007FFAC260B000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/3912-27-0x00007FFAC3BE0000-0x00007FFAC3C1F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/3912-28-0x00007FFAC3BB0000-0x00007FFAC3BD1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/3912-30-0x00007FFAC3B70000-0x00007FFAC3B81000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-29-0x00007FFAC3B90000-0x00007FFAC3BA8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3912-31-0x00007FFAC3B50000-0x00007FFAC3B61000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-32-0x00007FFAC3B30000-0x00007FFAC3B41000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-33-0x00007FFAC2B90000-0x00007FFAC2BAB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3912-34-0x00007FFAC2B70000-0x00007FFAC2B81000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-36-0x00007FFAC2B20000-0x00007FFAC2B50000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3912-35-0x00007FFAC2B50000-0x00007FFAC2B68000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3912-37-0x00007FFAC2AB0000-0x00007FFAC2B17000-memory.dmp

      Filesize

      412KB

      Download

    • memory/3912-38-0x00007FFAC2A40000-0x00007FFAC2AAF000-memory.dmp

      Filesize

      444KB

      Download

    • memory/3912-40-0x00007FFAC1500000-0x00007FFAC1556000-memory.dmp

      Filesize

      344KB

      Download

    • memory/3912-41-0x00007FFAC29F0000-0x00007FFAC2A18000-memory.dmp

      Filesize

      160KB

      Download

    • memory/3912-42-0x00007FFAC14D0000-0x00007FFAC14F4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3912-43-0x00007FFAC14B0000-0x00007FFAC14C7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3912-39-0x00007FFAC2A20000-0x00007FFAC2A31000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-44-0x00007FFAC1480000-0x00007FFAC14A3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/3912-46-0x00007FFAC1440000-0x00007FFAC1452000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3912-45-0x00007FFAC1460000-0x00007FFAC1471000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-47-0x00007FFAC1410000-0x00007FFAC1431000-memory.dmp

      Filesize

      132KB

      Download

    • memory/3912-48-0x00007FFAC13F0000-0x00007FFAC1403000-memory.dmp

      Filesize

      76KB

      Download

    • memory/3912-49-0x00007FFAC13D0000-0x00007FFAC13E2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3912-50-0x00007FFAC1290000-0x00007FFAC13CB000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3912-51-0x00007FFAC1260000-0x00007FFAC128C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/3912-52-0x00007FFAC10A0000-0x00007FFAC1252000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3912-53-0x00007FFAC1040000-0x00007FFAC109C000-memory.dmp

      Filesize

      368KB

      Download

    • memory/3912-54-0x00007FFAC1020000-0x00007FFAC1031000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-55-0x00007FFAC0F80000-0x00007FFAC1017000-memory.dmp

      Filesize

      604KB

      Download

    • memory/3912-56-0x00007FFAC0F60000-0x00007FFAC0F72000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3912-57-0x00007FFAC0D20000-0x00007FFAC0F51000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/3912-58-0x00007FFAC0C00000-0x00007FFAC0D12000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3912-59-0x00007FFAC0BC0000-0x00007FFAC0BF5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/3912-60-0x00007FFAC0B90000-0x00007FFAC0BB5000-memory.dmp

      Filesize

      148KB

      Download

    • memory/3912-61-0x00007FFAC0990000-0x00007FFAC09A1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-62-0x00007FFAC0920000-0x00007FFAC0981000-memory.dmp

      Filesize

      388KB

      Download

    • memory/3912-63-0x00007FFAC0900000-0x00007FFAC0911000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-64-0x00007FFAC08E0000-0x00007FFAC08F2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3912-65-0x00007FFAC08C0000-0x00007FFAC08D3000-memory.dmp

      Filesize

      76KB

      Download

    • memory/3912-66-0x00007FFAC0820000-0x00007FFAC08BF000-memory.dmp

      Filesize

      636KB

      Download

    • memory/3912-68-0x00007FFAC06F0000-0x00007FFAC07F2000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3912-67-0x00007FFAC0800000-0x00007FFAC0811000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-69-0x00007FFAC06D0000-0x00007FFAC06E1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-70-0x00007FFAC06B0000-0x00007FFAC06C1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-71-0x00007FFAC0690000-0x00007FFAC06A1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-72-0x00007FFAC0670000-0x00007FFAC0682000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3912-73-0x00007FFAC0650000-0x00007FFAC0668000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3912-74-0x00007FFAC0630000-0x00007FFAC0646000-memory.dmp

      Filesize

      88KB

      Download

    • memory/3912-75-0x00007FFAC0600000-0x00007FFAC0629000-memory.dmp

      Filesize

      164KB

      Download

    • memory/3912-77-0x00007FFAC05C0000-0x00007FFAC05D1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-78-0x00007FFAC05A0000-0x00007FFAC05B1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3912-76-0x00007FFAC05E0000-0x00007FFAC05F2000-memory.dmp

      Filesize

      72KB

      Download