91a45c416324ed3a8c184e349214e7c82d6df0df4fe6d06f3c7818c0d322373b

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ttt.exe
Size

421KB
MD5

9185b776b7a981d060b0bb0d7ffed201
SHA1

427982fb520c099e8d2e831ace18294ade871aff
SHA256

91a45c416324ed3a8c184e349214e7c82d6df0df4fe6d06f3c7818c0d322373b
SHA512

cb46ca0c3156dc7b177fdb73869e13b229cbab8918dbb4b61a854765313fc9526aa5d7b944aa4b9acb77717c5ffd8fe955ba4eb48d75e2528ec844bfcf4aa5e8
SSDEEP

12288:zZMh/qXO/ljOBYbPUV7TRnP+vacQlokO+bW:Wh/qXIvbPUFxqaQ2W

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	ttt.exe

C:\Users\Admin\AppData\Local\Temp\ttt.exe
"C:\Users\Admin\AppData\Local\Temp\ttt.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads