Overview

overview

7

Static

static

3

2e5a410c69...a9.exe

windows7-x64

7

2e5a410c69...a9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e5a410c694726f0c826c356116396cc37b171c336659fa21b179de9e05636a9.exe

  • Size

    9.6MB

  • MD5

    d90b61917249690341983fc73106f683

  • SHA1

    dcc6b6e797937ea3957aafd3468fe506a625c7ea

  • SHA256

    2e5a410c694726f0c826c356116396cc37b171c336659fa21b179de9e05636a9

  • SHA512

    bdf043195c5d4e688382aafee63151b77394584b0fed12026859be34497769d2b6bb4bb3b8bb58cd2e4fc0ed5c8181594819d212c186e234bce881fc04127450

  • SSDEEP

    196608:oBn8wpgQJdDarfJC5r/by5n8wBi3fY6MzYepRh2eYrrmGb7RhqxoGlHA:oawp54r85aJ4fQsepRhf+hb7RhooGlg

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e5a410c694726f0c826c356116396cc37b171c336659fa21b179de9e05636a9.exe
    "C:\Users\Admin\AppData\Local\Temp\2e5a410c694726f0c826c356116396cc37b171c336659fa21b179de9e05636a9.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Dama2.dll
    Filesize

    1.3MB

    MD5

    fda3af5b11fab5947d6425cbd7203068

    SHA1

    34358f5f9dbc93881ea0c4a7d2de58c904ff0447

    SHA256

    92d68af707bc50be849e0d85f0f85aa019251ee8db27f9701e48edcdae29666f

    SHA512

    02881c44628a6709d26ee07204b9d5221059d59f6651102af8b80b01f1d48248fc94daa80095086a0ebc408642e89ad3324c7fb1c49a5b4d98a34319e9769a56

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\UU.dll
    Filesize

    159KB

    MD5

    ab250ee54abc6c32975a544e9aafd661

    SHA1

    be850caea2e01544ed948b66d62785f4215cb0d8

    SHA256

    8eb01061f3815509a7e5d4d9010ace0e35fdd75597f22bb477e6caac6cd7d7d4

    SHA512

    54a58ccd07191018c3c3f6c06098e59dfe23b5a39347b9252710003e4f4296ff04a8905e05779e0e26b04f448945b2fb5168f1c24a3d250062f81e599db2c399

    Download Submit
  • memory/2816-0-0x0000000000400000-0x0000000001D27000-memory.dmp
    Filesize

    25.2MB

    Download
  • memory/2816-1-0x0000000000400000-0x0000000001D27000-memory.dmp
    Filesize

    25.2MB

    Download
  • memory/2816-2-0x0000000000401000-0x00000000005C8000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2816-3-0x0000000000400000-0x0000000001D27000-memory.dmp
    Filesize

    25.2MB

    Download
  • memory/2816-14-0x0000000000400000-0x0000000001D27000-memory.dmp
    Filesize

    25.2MB

    Download
  • memory/2816-17-0x00000000058D0000-0x0000000005B1E000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2816-16-0x00000000058D0000-0x0000000005B1E000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2816-19-0x00000000058D0000-0x0000000005B1E000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2816-23-0x0000000000400000-0x0000000001D27000-memory.dmp
    Filesize

    25.2MB

    Download
  • memory/2816-24-0x0000000000400000-0x0000000001D27000-memory.dmp
    Filesize

    25.2MB

    Download