Overview

overview

7

Static

static

3

843044238f...c3.exe

windows7-x64

7

843044238f...c3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    843044238f9a0cd0610f0c8cb6321f57af75185497d1729b693c19782164bac3.exe

  • Size

    11.6MB

  • MD5

    4a5b6655693f6e515c031234e64d54cc

  • SHA1

    2c3a053d06d258e0a05c25f34da37bbe2ac66043

  • SHA256

    843044238f9a0cd0610f0c8cb6321f57af75185497d1729b693c19782164bac3

  • SHA512

    79caff70c7dea96dd729a22d440bfc9e81eb14846b84a508aea3af247294471b37be92f3166cf80e36d1db6b6a321e377fd5b17a0207652a3e16046d1e3ed077

  • SSDEEP

    196608:fiOiHDI/zJVYCLc9BDal6mpRx5CbOmmPPK6YmQXe:fiVKztc9sMmpRPCbOVPPimQXe

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 56 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\843044238f9a0cd0610f0c8cb6321f57af75185497d1729b693c19782164bac3.exe
    "C:\Users\Admin\AppData\Local\Temp\843044238f9a0cd0610f0c8cb6321f57af75185497d1729b693c19782164bac3.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SoftAttr.ini
    Filesize

    692B

    MD5

    878e7771285099057b64f2faf9997907

    SHA1

    0b4b44b06b7e6e401a1a5fc0a3073d85526b3e1e

    SHA256

    b5e8a1f6852da2566b72c3748c700f7fbcf3034beedeb1b7bf292b25fd6521ae

    SHA512

    0f7585043a3f0d456754e4635c013933e35dc65434ffabc5997d2760ec0a23c3dab1abba74fff3267350350e204d7412e1ed9555dd6cd7ab392786cff3d467ba

    Download Submit
  • \Users\Admin\AppData\Local\Temp\843044238f9a0cd0610f0c8cb6321f57af75185497d1729b693c19782164bac3.exd
    Filesize

    5.4MB

    MD5

    2985b5ebb5de67055b3ff1beaf03ccdf

    SHA1

    d83eb958ae9bdcce1ecd9a7a2d40d18b0b18ef8b

    SHA256

    2b7668deb4ef3c7ba1e7a322747487d083a2a10f4aa2268ded8ca196144c805f

    SHA512

    f61d884515da79491577086d8dcc4fd05cad2ddcc64f00d5d25c93c00a874340fa436f753a39107490ce7351ba3c26cdfa9eb3d70ed20323767b6b6f053c97e9

    Download Submit
  • memory/1252-508-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-7987-0x0000000000400000-0x00000000010176F6-memory.dmp
    Filesize

    12.1MB

    Download
  • memory/1252-506-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-526-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-538-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-536-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-534-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-532-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-4-0x0000000002BB0000-0x00000000030CA000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/1252-528-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-524-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-522-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-520-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-518-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-516-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-515-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-512-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-510-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-530-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-5-0x0000000076FF0000-0x0000000077037000-memory.dmp
    Filesize

    284KB

    Download
  • memory/1252-558-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-566-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-564-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-562-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-560-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-554-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-556-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-552-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-550-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-548-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-546-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-544-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-542-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-540-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-2241-0x0000000003210000-0x0000000003391000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1252-3-0x0000000000400000-0x00000000010176F6-memory.dmp
    Filesize

    12.1MB

    Download
  • memory/1252-505-0x00000000033A0000-0x00000000034B1000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1252-7989-0x0000000002BB0000-0x00000000030CA000-memory.dmp
    Filesize

    5.1MB

    Download