8bffe3b57d9058d6af48500d88305cc6395dc8cd9c336b3b219e92726d41cfdb

Analysis

max time kernel
140s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bffe3b57d9058d6af48500d88305cc6395dc8cd9c336b3b219e92726d41cfdb.exe
Size

1.1MB
MD5

31caa648461ab749389078d6af3884db
SHA1

b01a786ae89158322eaf462553ba3320ad548e11
SHA256

8bffe3b57d9058d6af48500d88305cc6395dc8cd9c336b3b219e92726d41cfdb
SHA512

bb44fa5f3b5c0be743128ce76e20e54d6f7b2218cc55184151f57599eed478c93ed9b72a39ca7c58c4c6d1e3c29a2acfb0df84a321ea0f275308a3d482d7deeb
SSDEEP

24576:FI7m4LjGr35sk7kN9h/Fdff2RbLbyBDOYO5cd4e7:FI7Sj77kN9h/QblYO5e

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	8bffe3b57d9058d6af48500d88305cc6395dc8cd9c336b3b219e92726d41cfdb.exe

C:\Users\Admin\AppData\Local\Temp\8bffe3b57d9058d6af48500d88305cc6395dc8cd9c336b3b219e92726d41cfdb.exe
"C:\Users\Admin\AppData\Local\Temp\8bffe3b57d9058d6af48500d88305cc6395dc8cd9c336b3b219e92726d41cfdb.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-0-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/640-1-0x0000000002790000-0x00000000027FF000-memory.dmp

Filesize
444KB

Download
memory/640-2-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/640-3-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/640-4-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/640-7-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads