88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 23:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe
Size

3.8MB
MD5

1850c1568c050d43c151f33e21bd9845
SHA1

fe38252bc5e059b57cb86cba13a51fe63dbbe44c
SHA256

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4
SHA512

ac4e5c8889e89fad5336cdd964397d7dbd04725926376a70549cfdd10ae825024222fd9fa679c9b95b54ddf6f8c180e04c40679ed4f504180f8c20d48470124e
SSDEEP

98304:S98oB054pnlAlOeOONTw43gi67Q5iryIRl0xlvJOtBaqf:S98356CXT870oHzKAaqf

Score

7^/10

bootkit persistence

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4964	88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe
4964	88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe
4964	88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe
"C:\Users\Admin\AppData\Local\Temp\88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:3484

Network

DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

91.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.90.14.23.in-addr.arpa

IN PTR

Response

91.90.14.23.in-addr.arpa

IN PTR

a23-14-90-91deploystaticakamaitechnologiescom
DNS

s.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

Remote address:

8.8.8.8:53

Request

s.ludashi.com

IN A

Response

s.ludashi.com

IN A

47.117.76.6
DNS

s.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

Remote address:

8.8.8.8:53

Request

s.ludashi.com

IN A
DNS

zhushou.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

Remote address:

8.8.8.8:53

Request

zhushou.ludashi.com

IN A

Response

zhushou.ludashi.com

IN A

120.27.83.10
DNS

zhushou.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

Remote address:

8.8.8.8:53

Request

zhushou.ludashi.com

IN A
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.213.10

chromewebstore.googleapis.com

IN A

216.58.212.202

chromewebstore.googleapis.com

IN A

216.58.212.234

chromewebstore.googleapis.com

IN A

172.217.169.74

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

123.10.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.10.44.20.in-addr.arpa

IN PTR

Response

120.27.83.10:80

zhushou.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

260 B
5
47.117.76.6:80

s.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

260 B
5
47.117.76.6:80

s.ludashi.com

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

260 B
5
142.250.187.202:443

chromewebstore.googleapis.com

tls

2.0kB
7.9kB
16
17

8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

91.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

91.90.14.23.in-addr.arpa
8.8.8.8:53

s.ludashi.com

dns

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

118 B
75 B
2
1

DNS Request

s.ludashi.com

DNS Request

s.ludashi.com

DNS Response

47.117.76.6
8.8.8.8:53

zhushou.ludashi.com

dns

88aed89c6ab9c640c79069ff683d3f80bfd9e464c61dd045c524ea643226feb4.exe

130 B
81 B
2
1

DNS Request

zhushou.ludashi.com

DNS Request

zhushou.ludashi.com

DNS Response

120.27.83.10
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
315 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

216.58.212.202

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

123.10.44.20.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

123.10.44.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\LDSGameMaster\Store\360Base.dll

Filesize
862KB

MD5
ab00bed7cb2b7a8290e247fc34aaa5ff

SHA1
d6014e2920d9b587a8e12ae1ba0f1e1fc9edffa8

SHA256
ceffaedc050688e8dcc11ec30b703c63fefbfcf479558604fdb0ea42bcb497c0

SHA512
fbe3bf5e142d689bb15d05503fcf5c807aad5bcb99a02dc99590589ee66f7942a0d8365d470041972212dbdf9c232ab4bbab25e79d7bcd43f001a95d9012cca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4D137226-ECDF-4d9d-8850-9997FF8D83D9}.tmp\7z.dll

Filesize
1.0MB

MD5
b902e3ce824b63d3220bff0150097f83

SHA1
efb511c687b1376b683cac4dfe26e044535aa8d3

SHA256
bc19ccc142de96f79288a7edd5468b5e9a96a35a64c888a6e9a9733933c4ae51

SHA512
ace3714e3d5c1409636478564c4ea1828c97cbeacea0e1ab95ec353e898bafcef0c682c780cbfa49589a480d36f0962c805508f4df1b430efb5955c9290b9656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A0B8C305-1D23-4bc9-8429-AF822BACE323}.tmp\360NetUL.dll

Filesize
234KB

MD5
cd03029957ebc78c0ca7a6c02a9ca846

SHA1
0044114b8073781479044f0294701be9611be2ac

SHA256
139fdd92e6ddf1aac0761a68502b374daa32e82039621018511dc491ed9b4048

SHA512
14c641cb9536def0ddc1969d50b97b83a23017c97373e3ad74d3fbf9825ac81f3fdf8169281c8ad4cebd45d9c9ae05f752d553ba4653e620889b274479cb7c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A0B8C305-1D23-4bc9-8429-AF822BACE323}.tmp\NetBridge.dll

Filesize
238KB

MD5
8786d469338c30e0ba9fedfc62bd5197

SHA1
5fb12028ceae9772f938e1b98b699f0e02e32718

SHA256
beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f

SHA512
5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A0B8C305-1D23-4bc9-8429-AF822BACE323}.tmp\Utils\LDSBasic.dll

Filesize
2.0MB

MD5
cc7b7a2d031fbef005b82bc5221e6046

SHA1
61b9cf646825c37e5262ab5b2ecc755d72770393

SHA256
28f4e42556497b05a017309c69c7e62683a043ab1c452170056a1b5f77175633

SHA512
ec67289b40e88acb946c18890e40e53322b386ce17c351c5fbbebccae84b6d16c2df79ebe79a143d1276101151544aa24a65bdd3101cfd096390034aa70d3e29

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.