Overview

overview

10

Static

static

3

Psychomeme.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Psychomeme.exe

  • Size

    54KB

  • Sample

    240328-2vtyzabf48

  • MD5

    3521b518a78b571b405383936f50b644

  • SHA1

    dbe5c078f9fbef3fa38a32a9d240a55f377ca517

  • SHA256

    a7f94a16e6e782ced5bde00435b7a6049a703d91e2908bbbff7cf3dbf5b1a239

  • SHA512

    dade4826f26c2852717b3d303ea062de5da8d4facb5679716cbe2b84575765117f497e2d50232e8960d92fc3c188a1562fd3151f8e0786a83abb6137914c8524

  • SSDEEP

    768:zDbptWjCyfjTrXBbXV5Z9OzNKOjpY6D0oyxAowZAGa0fbQLH:fbpzkbDOk+pYKaXGcLH

Score
10/10
bootkitdiscoveryevasionexploitpersistence

Malware Config

Targets

    • Target

      Psychomeme.exe

    • Size

      54KB

    • MD5

      3521b518a78b571b405383936f50b644

    • SHA1

      dbe5c078f9fbef3fa38a32a9d240a55f377ca517

    • SHA256

      a7f94a16e6e782ced5bde00435b7a6049a703d91e2908bbbff7cf3dbf5b1a239

    • SHA512

      dade4826f26c2852717b3d303ea062de5da8d4facb5679716cbe2b84575765117f497e2d50232e8960d92fc3c188a1562fd3151f8e0786a83abb6137914c8524

    • SSDEEP

      768:zDbptWjCyfjTrXBbXV5Z9OzNKOjpY6D0oyxAowZAGa0fbQLH:fbpzkbDOk+pYKaXGcLH

    Score
    10/10
    bootkitdiscoveryevasionexploitpersistence

    • Modifies WinLogon for persistence

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Modifies WinLogon

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks