Overview

overview

10

Static

static

3

Psychomeme.exe

windows7-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Psychomeme.exe

  • Size

    52KB

  • Sample

    240328-11v8jshg8x

  • MD5

    242a020df3b6260fbe24f698d31b3693

  • SHA1

    a16937b6fec7e31930c951fa857fdfa0002cf8a5

  • SHA256

    db7935d13c23e61389c5084279f3a6fe89dc9265198e3d81b7dd2f3bfaf94ee4

  • SHA512

    8abad129d9727ffe9a76da99ea50317ec67cd5c1034aa130b89c9f12af262341939a9cd0371c4fbed6f5be13ffd74eabf1cb96b2c57e862eaceadb57d3977663

  • SSDEEP

    768:TZRTbgpIJQDTdedbKv5ZadNKOjpY6D0oyxAowZAGa0fbQLH:9R7QebDi+pYKaXGcLH

Score
10/10
bootkitdiscoveryevasionexploitpersistence

Malware Config

Targets

    • Target

      Psychomeme.exe

    • Size

      52KB

    • MD5

      242a020df3b6260fbe24f698d31b3693

    • SHA1

      a16937b6fec7e31930c951fa857fdfa0002cf8a5

    • SHA256

      db7935d13c23e61389c5084279f3a6fe89dc9265198e3d81b7dd2f3bfaf94ee4

    • SHA512

      8abad129d9727ffe9a76da99ea50317ec67cd5c1034aa130b89c9f12af262341939a9cd0371c4fbed6f5be13ffd74eabf1cb96b2c57e862eaceadb57d3977663

    • SSDEEP

      768:TZRTbgpIJQDTdedbKv5ZadNKOjpY6D0oyxAowZAGa0fbQLH:9R7QebDi+pYKaXGcLH

    Score
    10/10
    bootkitdiscoveryevasionexploitpersistence

    • Modifies WinLogon for persistence

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Modifies WinLogon

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks