Overview

overview

7

Static

static

3

347050855c...3d.exe

windows7-x64

7

347050855c...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2024 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    347050855cb2bf86e7df79c2c443006f42bf9008eb82e82a59e814d84b58783d.exe

  • Size

    7.5MB

  • MD5

    4df7b6b2c0b2af911d07ce647e4fde06

  • SHA1

    a6b3d14d44038f7f562a28146e560e2c79502ce1

  • SHA256

    347050855cb2bf86e7df79c2c443006f42bf9008eb82e82a59e814d84b58783d

  • SHA512

    9d2842a9e23884d2b0fd83bacf59474d866f36cfed04525a8dd5484af25052086ad699a771e7a501684f560b4094de0c485982572cea8e7cb55a745d52a4f5fe

  • SSDEEP

    98304:Z8B8QTBVA/I7Cw1vYXvafY9DCMGLd51YkPu4cJMGBj4DhDZANxBYtsoIsS8LRsSr:08I0i2aQQM0LNPy8DpZ+C2o7X

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies registry class 46 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\347050855cb2bf86e7df79c2c443006f42bf9008eb82e82a59e814d84b58783d.exe
    "C:\Users\Admin\AppData\Local\Temp\347050855cb2bf86e7df79c2c443006f42bf9008eb82e82a59e814d84b58783d.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\eylogin.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\eylogin.dll
    Filesize

    2.1MB

    MD5

    3bdb92b38bdc6a5702ec1454534d0951

    SHA1

    9276b0c8de889744fcdf34e7c81e158830b8bcbb

    SHA256

    25ba0f3a0f6ddb0e9b0078640a8a2a2bf7e8948e0579d2080379debc8a272681

    SHA512

    cff7a9033f7a141f52f0ad3152e97a5313f1185669d9e6da4d60a68602c6a1af3ec5250e1c39ea328758419e5d0a826bb5085f3e96fa4019f3c5c2e586f1c35f

    Download Submit

  • memory/2980-0-0x0000000003A30000-0x0000000003B42000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2980-9-0x0000000073870000-0x0000000073D3B000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2980-10-0x0000000073870000-0x0000000073D3B000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2980-12-0x0000000073870000-0x0000000073D3B000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2980-13-0x0000000005030000-0x0000000005142000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3040-5-0x00000000743D0000-0x000000007489B000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/3040-6-0x00000000743D0000-0x000000007489B000-memory.dmp

    Filesize

    4.8MB

    Download