a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe
Size

1.1MB
MD5

69ec8e88699ec0a8e33e36fb5112229f
SHA1

1bd20cdddb9ad0ce38a3a3084b30fe5ba541c02d
SHA256

a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf
SHA512

cc24aa416d2c4fa9f88714ab06d2c7e8aa95ad091e95a8207f17dbb3f95be264c10bfc3fdaffcba299de6560f5523a8f7f0a4f254236a32ae1998c859d705f69
SSDEEP

24576:sBbp8mBDQAPQT1+X/a8FFKXrHn5tyofvCA1bmCm8YHitk6wHypM2L:ybp88F7a2KXrf7CWYHDW

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

description ioc process

File opened for modification \??\PhysicalDrive0 a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

description	pid	process
Token: SeDebugPrivilege	2228	a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe
Token: SeDebugPrivilege	2228	a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe
Token: SeDebugPrivilege	2228	a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

pid	process
2228	a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe
2228	a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe

C:\Users\Admin\AppData\Local\Temp\a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe
"C:\Users\Admin\AppData\Local\Temp\a4b62fc90b4eadee96e29976f2f7c0a71d2926ed69b03de4cb1d49b4ce09cacf.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2228-0-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-1-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-2-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-5-0x0000000000401000-0x0000000000861000-memory.dmp

Filesize
4.4MB

Download
memory/2228-9-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-10-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-11-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-12-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-13-0x0000000000401000-0x0000000000861000-memory.dmp

Filesize
4.4MB

Download
memory/2228-14-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-15-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-16-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-17-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-18-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-19-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-20-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-21-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-22-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-23-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-24-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download
memory/2228-25-0x0000000000400000-0x0000000000980A97-memory.dmp

Filesize
5.5MB

Download