Overview

overview

6

Static

static

1

a87b7213d0...90.exe

windows7-x64

6

a87b7213d0...90.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 20:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a87b7213d0205f2c9502cdf218378dde2474c74f71757ae18dfe23e14e61ed90.exe

  • Size

    1.0MB

  • MD5

    96769de10b692d3d67b1505b57f3fbf7

  • SHA1

    d158cfa191c15745cd5e93debee3d46a019d88d7

  • SHA256

    a87b7213d0205f2c9502cdf218378dde2474c74f71757ae18dfe23e14e61ed90

  • SHA512

    9e0530aaf97307fbe1d9f7fb28b534ae1225fb1f9b6dfa8226dfd1ae3e48edb03ab663445304a8767235b5748c052101b9b8e7da4274c7dd43af9d51433612e2

  • SSDEEP

    24576:vU9BO4+sT99C+cU0mhWDmKYwaUFvv+4DTo4:vU9Br+sT99CvU0XtYvUNmyTF

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a87b7213d0205f2c9502cdf218378dde2474c74f71757ae18dfe23e14e61ed90.exe
    "C:\Users\Admin\AppData\Local\Temp\a87b7213d0205f2c9502cdf218378dde2474c74f71757ae18dfe23e14e61ed90.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsWAE.log
    Filesize

    1KB

    MD5

    b7377f3d6bc7dd86767a7cab65f2dd3f

    SHA1

    c43d8d8c7ff8a0b8a59d63ef328c09d8a7d6d1ce

    SHA256

    34e97d0b52d16347c7e85e224223bf69fe7a442c961a0b916d46d67c1ea22f38

    SHA512

    9a725a987cf7089d733a14ecc5190d1d314d46d76be92e223391a6a59d6931349b1efb0fc5c8544200f64d1469376a3e2bfec1cdb1b583400adc6c6f64d7fb8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsWAE.log
    Filesize

    3KB

    MD5

    8df946e1abeb4b1ac7c32ffceedacc5e

    SHA1

    3547eaf2d0ff502b6f8b0842c57623d1b9809c9b

    SHA256

    67fabefd9fcc524ffe74e277ad28229ac031b5d17aae626658e2c13704207311

    SHA512

    7e30328e69d197ffd06bf207a8ddc09dfdc4202ff16fb3233b15b7da70df9cf38ba5fb498adcd06d3f1aab8025bddc72a5f3141cdf2a30962bd6c03c07af7901

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsWAE.log
    Filesize

    3KB

    MD5

    e13c48ce8c2753911cb69fa4b582ca25

    SHA1

    c0a8dc38705b3621ee6423dbc59a4c0830bdfcbd

    SHA256

    b6fa19b98f56a124d074dc4519e62c29f5950e04fd6e2427efd7120d6281931a

    SHA512

    b8404efaa78fec2801ef1f2f166bcb905954a56a1d60d51acfa8db97545c2bdb2e702f65d695eedc800d8f3ea1e2fe07c652c25600311b260e7caad6df7023cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsWAE.log
    Filesize

    548B

    MD5

    384c8b7ef03dbd189a182a64e211c0ea

    SHA1

    c258f2fdd58829ee00a1eeaef3a079c7a34d51da

    SHA256

    316f908fffb2e9e59525aa350866e3ab16dce294bb913ebb036cc96cac7655e5

    SHA512

    a5da42c2cfe98085b98e7e3dda7d104f945a1959cda7b368519a649cd0d49492c4789ca6048c8ddef0cd6ec917803bc4708204a23134ed38d4309c061900644a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsWAE.log
    Filesize

    4KB

    MD5

    9b75802d793bc45e0fbf25be538205c1

    SHA1

    7657ae639a77a9624c6d8637bc3165973a5ec660

    SHA256

    a92c984da82789090425a4a94fd35990f15eb3c90b5c17e42513f1c6b4419e74

    SHA512

    c0508c24416cc04056334de66988abb00a44e25956c9a57c58bc832fd74e505a046c612504289d15000d3e1adcbb40942cf915ab45974ee9f5a09a306e6105b8

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    229B

    MD5

    ad0967a0ab95aa7d71b3dc92b71b8f7a

    SHA1

    ed63f517e32094c07a2c5b664ed1cab412233ab5

    SHA256

    9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

    SHA512

    85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

    Download Submit

  • memory/2152-80-0x000000001B520000-0x000000001B540000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2152-84-0x000000001BDB0000-0x000000001BE12000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2152-79-0x000000001B4E0000-0x000000001B4F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2152-78-0x0000000001090000-0x00000000010A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2152-81-0x00007FF9437D0000-0x00007FF944171000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2152-82-0x000000001B540000-0x000000001B84E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2152-83-0x000000001BCF0000-0x000000001BD39000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2152-77-0x00007FF9437D0000-0x00007FF944171000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2152-85-0x000000001C2F0000-0x000000001C7BE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2152-86-0x000000001C860000-0x000000001C8FC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2152-87-0x000000001BC80000-0x000000001BC88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2152-88-0x000000001CC30000-0x000000001CC6E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2152-90-0x00007FF9437D0000-0x00007FF944171000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2152-76-0x000000001B490000-0x000000001B4B4000-memory.dmp

    Filesize

    144KB

    Download