d60f30517794fae283bcbdcbc601e03f931daa63de0f3bc32f972f2702249d14

Analysis

max time kernel
141s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
12-05-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d60f30517794fae283bcbdcbc601e03f931daa63de0f3bc32f972f2702249d14.exe
Size

1.1MB
MD5

b9d1bd701ab26ebe99c456b303d96a0c
SHA1

d8d98a1998be984f1584d89b6eb71b2a204fb38c
SHA256

d60f30517794fae283bcbdcbc601e03f931daa63de0f3bc32f972f2702249d14
SHA512

e2f5a5272fff6c28bc900c5761478132419cf88e3bd321854d549677d6acd5f9d0fad193cbe4e890eada76cffecfe482488b0c9f5928e3813cb978a4310b3e16
SSDEEP

24576:nPeGXYP3lOi7b6mdJfCZI64AbX5CN/aXfWWCGCPN:nPd8V8yjUX50Wed

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	d60f30517794fae283bcbdcbc601e03f931daa63de0f3bc32f972f2702249d14.exe

C:\Users\Admin\AppData\Local\Temp\d60f30517794fae283bcbdcbc601e03f931daa63de0f3bc32f972f2702249d14.exe
"C:\Users\Admin\AppData\Local\Temp\d60f30517794fae283bcbdcbc601e03f931daa63de0f3bc32f972f2702249d14.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4340-0-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4340-1-0x0000000002920000-0x0000000002998000-memory.dmp

Filesize
480KB

Download
memory/4340-2-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4340-3-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/4340-4-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/4340-7-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads