Analysis
max time kernel: 32s
max time network: 20s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 19-04-2024 08:29
Static task: static1
Behavioral task: behavioral1
  Sample: PLAY_M~1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: PLAY_M~1.exe
  Resource: win10v2004-20240412-en
Behavioral task: behavioral3
  Sample: PLAY_M~2.exe
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: PLAY_M~2.exe
  Resource: win10v2004-20240412-en
General
Target: PLAY_M~2.exe
Size: 158KB
MD5: 236c9737940082a1d8117ed3af345800
SHA1: b23c213cc80bc72f8049ff969a5b077a506acb43
SHA256: 66305ad462848ea10ae813baa57efae22aef8ac41513b6937717875375c9b0e1
SHA512: 1357292e2929e56113f373735d32ee789762c8d197eaf4fbabbd745564b7569b010bca44bc736f57710fb94984391f4ac6bd816c0102211b3960373c15900d8d
SSDEEP: 3072:3v+fjieg9/iQhMPSO+4oV2ugfhdpyYeHXf07sjXgK9ce2:/3egpzhMPSh4hPpteHpjwK9c
Malware Config
Signatures
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: PLAY_M~2.exe
  description: File opened for modification
  ioc: \??\physicaldrive0
  process: PLAY_M~2.exe
Suspicious behavior: RenamesItself (1 IoCs)
Processes: PLAY_M~2.exe
  pid: 2092
  process: PLAY_M~2.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: PLAY_M~2.exe
  description: Token: SeShutdownPrivilege
  pid: 2092
  process: PLAY_M~2.exe