8f87d4d79aaf451e4706832d07e8145cfb2f2f26b46c572c3ec31d4098ce9f89

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
11-05-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f87d4d79aaf451e4706832d07e8145cfb2f2f26b46c572c3ec31d4098ce9f89.exe
Size

1.1MB
MD5

d987fb6f91354e0f3b5c713cc8ecf298
SHA1

0db3565de533b2f60ed67f343786c3bd1bf6c9b5
SHA256

8f87d4d79aaf451e4706832d07e8145cfb2f2f26b46c572c3ec31d4098ce9f89
SHA512

a95003f2bc3872577340d9be504b766ce2ef9674bde653afec8e1621d500b65aa785dd340b8c91c5a0e3a9729b6e88e2f1422af13f9920cc83d2c2d52871e0c4
SSDEEP

24576:nPeGXYP3lOi7b6mdJfCZIP4AbX5CN/aXfWWCGCPN:nPd8V8yAUX50Wed

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	8f87d4d79aaf451e4706832d07e8145cfb2f2f26b46c572c3ec31d4098ce9f89.exe

C:\Users\Admin\AppData\Local\Temp\8f87d4d79aaf451e4706832d07e8145cfb2f2f26b46c572c3ec31d4098ce9f89.exe
"C:\Users\Admin\AppData\Local\Temp\8f87d4d79aaf451e4706832d07e8145cfb2f2f26b46c572c3ec31d4098ce9f89.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-0-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2332-2-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2332-1-0x00000000028A0000-0x0000000002918000-memory.dmp

Filesize
480KB

Download
memory/2332-3-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2332-4-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2332-7-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads