Analysis
- max time kernel: 141s
- max time network: 123s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/05/2024, 04:16
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.PUA.Agent.1483.15930.exe
- Resource: win7-20240419-en

Behavioral task: behavioral2
- Sample: SecuriteInfo.com.PUA.Agent.1483.15930.exe
- Resource: win10v2004-20240419-en
General
- Target: SecuriteInfo.com.PUA.Agent.1483.15930.exe
- Size: 2.3MB
- MD5: 59fdd05b8090846c2fb71f445f449dec
- SHA1: c913e02d60d255e3b3c62fb77834bec4b48bab48
- SHA256: 85840fb457d34c82233a6594b127d4ed0d85c93d4be740c0df7b0c019cf5cbd4
- SHA512: fa53247ff72828883c55867dcbadac7794de98ecfc1ed87ffa1ab44c4b60ada21975b53ef9d5a2901fa6d4612c675040fcc8fbd3d0eaa48be15647a22af32ebc
- SSDEEP: 49152:W2MEdPw+PjHTlp8ubiPTV+AXTHHXcdm29XtYZPY0KqD224avU:E8bTb7bETVRHYm298Y0KqD224avU
Malware Config
Signatures

- Executes dropped EXE (1 IoC)
    pid    Process
    2816   Ver36FE.tmp

- yara_rule matches
    resource                                                                      yara_rule
    behavioral2/memory/1644-0-0x0000000000400000-0x00000000009A9000-memory.dmp   upx
    behavioral2/memory/1644-7-0x0000000000400000-0x00000000009A9000-memory.dmp   upx

- Writes to the Master Boot Record (MBR) (1 TTP, 2 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
    description                     ioc                 Process
    File opened for modification    \??\PhysicalDrive0  Ver36FE.tmp
    File opened for modification    \??\PhysicalDrive0  SecuriteInfo.com.PUA.Agent.1483.15930.exe

- Suspicious use of SetWindowsHookEx (2 IoCs)
    pid    Process
    1644   SecuriteInfo.com.PUA.Agent.1483.15930.exe
    1644   SecuriteInfo.com.PUA.Agent.1483.15930.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
    description                        pid    Process                                     procid_target
    PID 1644 wrote to memory of 2816   1644   SecuriteInfo.com.PUA.Agent.1483.15930.exe   83
    PID 1644 wrote to memory of 2816   1644   SecuriteInfo.com.PUA.Agent.1483.15930.exe   83
    PID 1644 wrote to memory of 2816   1644   SecuriteInfo.com.PUA.Agent.1483.15930.exe   83
Processes

1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.Agent.1483.15930.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.PUA.Agent.1483.15930.exe"
   PID: 1644
   - Writes to the Master Boot Record (MBR)
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\Ver36FE.tmp
      Command line: C:\Users\Admin\AppData\Local\Temp\Ver36FE.tmp 219028293_gsds/2.366.1011/2 startinstall
      PID: 2816
      - Executes dropped EXE
      - Writes to the Master Boot Record (MBR)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 100KB
- MD5: 83f56b363eaf6bd2766ebacf70995bcb
- SHA1: cecb73bd12537567b14784541546760badc175d6
- SHA256: 0d3ad00de0f06289d7919e66a4956d281473d20b256a5aed2903c5a6acfde74e
- SHA512: 5252638dde71d938e7d999ff1b485181e0771baa7e5b55e316eddbd2fdb1c6da14b878c279ebd85d826d604160acd2d354b24bff58bea6a841d6e907c0f82fa9