Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-03-2024 02:32

General

  • Target

    bd70320e7e461bd644373c7ee9b385ae.exe

  • Size

    26KB

  • MD5

    bd70320e7e461bd644373c7ee9b385ae

  • SHA1

    22c090e49d305d2254ae47bbf25e1aeb61e3a7d4

  • SHA256

    041f381f32ab32960f0ca733243e766a537a80773665b3c9855e08625d0f53a8

  • SHA512

    984b2cd7b8a8c5ca75e481772ce94470cb4d5ec2bd23970bf20b422db5155c08a770642496a492c0fb787c095487cc00288e2f1f22c5ad07c8da2b06d229817b

  • SSDEEP

    768:mb1kNbf6EBlHKwTvtRL0aswhUMRwkkS6:U1kNbyEBBJJz/hHRwk

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer (2 TTPs, 1 IoC)
  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system: the patched boot code runs before Windows, and therefore before any security tooling, has loaded.

  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Modifies registry class (39 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
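
The signature names above are labels the sandbox attaches to observed API and registry activity; they do not tell an analyst how to confirm the same behaviour on another host. The following Python is an added example, not code from the sandbox vendor or from the sample, of how to check two of them: it parses a raw 512-byte MBR sector (as read from the first sector of PhysicalDrive0 or from a disk image) and compares the hash of its boot code against a baseline recorded on a clean build, which is how on-disk MBR tampering is spotted, and it flags the registry values behind the "HideFileExt" and Internet Explorer start page signatures. The MBR bytes, the baseline hash and the registry snapshot are all constructed for the demo; the snapshot format (full value path mapped to data) and the expected_start_page parameter are assumptions of this example.

```python
"""Host triage for the behaviours flagged above (added example, not sandbox code).

parse_mbr() reads the fields of a raw 512-byte MBR sector so the boot code can be
hashed and compared with a baseline taken from a clean build.  registry_findings()
checks a snapshot of the two registry values behind the 'HideFileExt' and Internet
Explorer start page signatures.  The MBR bytes and the registry snapshot used in
the demo at the bottom are constructed, not taken from the analysed sample.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code, the part a bootkit patches
DISK_SIG_OFFSET = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511

# Registry paths behind the Explorer/IE signatures (per-user values under HKCU).
ADVANCED_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
IE_MAIN_KEY = r"HKCU\Software\Microsoft\Internet Explorer\Main"


def parse_mbr(data: bytes) -> dict:
    """Return boot-code hash, disk signature and used partition entries of an MBR sector."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def mbr_boot_code_changed(data: bytes, baseline_sha256: str) -> bool:
    """True when the boot code no longer matches the hash recorded on a clean host."""
    return parse_mbr(data)["boot_code_sha256"] != baseline_sha256


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR: given boot code, one bootable NTFS partition, valid signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)  # type 0x07 = NTFS
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIGNATURE


def registry_findings(snapshot: dict, expected_start_page: str) -> list:
    """Flag the Explorer/IE values the report's signatures fire on.

    snapshot maps full value paths (key + backslash + value name) to their data,
    e.g. parsed beforehand from 'reg query' output on the suspect host (assumed format).
    """
    findings = []
    if snapshot.get(ADVANCED_KEY + r"\HideFileExt") == 1:
        findings.append("Explorer hides file extensions (HideFileExt=1); "
                        "a lure such as invoice.pdf.exe displays as invoice.pdf")
    start = snapshot.get(IE_MAIN_KEY + r"\Start Page")
    if start is not None and start.lower() != expected_start_page.lower():
        findings.append(f"IE start page changed to {start!r}")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xEB\x63\x90")        # stand-in for vendor boot code
    baseline = parse_mbr(clean)["boot_code_sha256"]  # record this on a known-good host
    infected = bytearray(clean)
    infected[0:3] = b"\xEB\x20\x90"                  # constructed: entry jump redirected
    print("MBR boot code changed:", mbr_boot_code_changed(bytes(infected), baseline))
    snapshot = {ADVANCED_KEY + r"\HideFileExt": 1,
                IE_MAIN_KEY + r"\Start Page": "http://example.invalid/"}  # constructed
    for finding in registry_findings(snapshot, "about:blank"):
        print("finding:", finding)
```

Only the first 440 bytes are hashed on purpose: the disk signature and partition table legitimately differ between hosts, so hashing the whole sector would make a fleet-wide baseline useless, whereas the boot code is identical across machines installed from the same media.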

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd70320e7e461bd644373c7ee9b385ae.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\bd70320e7e461bd644373c7ee9b385ae.exe"
    PID: 2176
    • Modifies visibility of file extensions in Explorer
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v15
