63f4a4b367edd742486de711afd2bac8d87e0357ea3cff3171c46705bb75a16c | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Guess.exe

windows11-21h2-x64

Resubmissions

20-04-2024 12:06

240420-n9vl6agd39 3

20-04-2024 11:54

240420-n21hfagg31 8

Sharing

General

Target

Guess.exe
Size

118KB
Sample

240420-n21hfagg31
MD5

a4a72f6f847a97c6827fb2c14c2e5aac
SHA1

7a516e225397c7e3929e6930163dd6a2a748b056
SHA256

63f4a4b367edd742486de711afd2bac8d87e0357ea3cff3171c46705bb75a16c
SHA512

61490e0d7fd27ce5c0eda21fb8339762b9ecefa2e8c419dbbe4a0bca765e5d75425c6311916de74983bde5a7b12d7fe10a42ed7390157cb054bb1622a567f9c5
SSDEEP

1536:RIkxWPP1B4/XgAgsCHDPJmxvWhygM5z8lrSI+2A2arufN1jkgpPTIyUF:R9sH1B4/tC4xhowuAO4F

Score

8^/10

bootkit persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Guess.exe

Resource

win11-20240412-en

bootkit persistence

windows11-21h2-x64

18 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Guess.exe
- Size
  
  118KB
- MD5
  
  a4a72f6f847a97c6827fb2c14c2e5aac
- SHA1
  
  7a516e225397c7e3929e6930163dd6a2a748b056
- SHA256
  
  63f4a4b367edd742486de711afd2bac8d87e0357ea3cff3171c46705bb75a16c
- SHA512
  
  61490e0d7fd27ce5c0eda21fb8339762b9ecefa2e8c419dbbe4a0bca765e5d75425c6311916de74983bde5a7b12d7fe10a42ed7390157cb054bb1622a567f9c5
- SSDEEP
  
  1536:RIkxWPP1B4/XgAgsCHDPJmxvWhygM5z8lrSI+2A2arufN1jkgpPTIyUF:R9sH1B4/tC4xhowuAO4F
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

© 2018-2024

Terms | Privacy