1ff67f03aa62a0effbb269f2d06011240723531b24ba2d531778eac41af8d52c

Analysis

max time kernel
141s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
12-05-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ff67f03aa62a0effbb269f2d06011240723531b24ba2d531778eac41af8d52c.exe
Size

1.1MB
MD5

0c3293455aecd10edd3c7dd5cdcebf54
SHA1

aac443731bdd8aa7eaaa6d2ac4a6c44dd7d48bac
SHA256

1ff67f03aa62a0effbb269f2d06011240723531b24ba2d531778eac41af8d52c
SHA512

5d331bba8e4c565856977975c1a04a4a4a5c6976eb80ac24982885e9cff2402196dbbc89b21e169a107d941b2ce9c694b0c32ac5ab2a216b1ed4cdcda11f69e8
SSDEEP

24576:nPeGXYP3lOi7b6mdJfCZII4AbX5CN/aXfWWCGCPN:nPd8V8yZUX50Wed

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	1ff67f03aa62a0effbb269f2d06011240723531b24ba2d531778eac41af8d52c.exe

C:\Users\Admin\AppData\Local\Temp\1ff67f03aa62a0effbb269f2d06011240723531b24ba2d531778eac41af8d52c.exe
"C:\Users\Admin\AppData\Local\Temp\1ff67f03aa62a0effbb269f2d06011240723531b24ba2d531778eac41af8d52c.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-0-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4828-1-0x00000000028D0000-0x0000000002948000-memory.dmp

Filesize
480KB

Download
memory/4828-2-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4828-3-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/4828-4-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/4828-7-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads