Overview

overview

7

Static

static

3

26a4078204...56.exe

windows7-x64

7

26a4078204...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26a40782040216e2fc0333e5f287e2f50d3611b0962153fd0a6740c2521d4756.exe

  • Size

    14.9MB

  • MD5

    76b2fc40769689455303764527e69aa8

  • SHA1

    688e05dc834fa66dba8ba7d7e19ad52e0eb2d1a2

  • SHA256

    26a40782040216e2fc0333e5f287e2f50d3611b0962153fd0a6740c2521d4756

  • SHA512

    742c3991198693c8b596f42926fd582091ae2a5ca3dc43c08fd9bd2ff73d7b639db4e5e4e75ff427b536d4797ec11dfecf875e47f9f53843b083457b48f0f316

  • SSDEEP

    393216:wgKtWvY83DTZhifTO69l42BO/jJrSF9WjfA:wCZt69W2A/gzWTA

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26a40782040216e2fc0333e5f287e2f50d3611b0962153fd0a6740c2521d4756.exe
    "C:\Users\Admin\AppData\Local\Temp\26a40782040216e2fc0333e5f287e2f50d3611b0962153fd0a6740c2521d4756.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    PID:1164
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 1260
      2⤵
      • Program crash
      PID:2268
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1164 -ip 1164
    1⤵
      PID:3448

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Pre-OS Boot

    1
    T1542

    Bootkit

    1
    T1542.003

    Privilege Escalation

    Defense Evasion

    Pre-OS Boot

    1
    T1542

    Bootkit

    1
    T1542.003

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\netul.dll
      Filesize

      1.9MB

      MD5

      47f5fe83659f9ea0c7b204a3e76f78b1

      SHA1

      cc1e2e5e7601473e69a28f4ab4a7ed29a07dbada

      SHA256

      e834072d776786c0a9336225b18a1b4da91f3fd056277af61ba97a203c8bbb5a

      SHA512

      18c50b839b40b5706da9b0b948ea7ea85718cd38cd463d44750fa608ac14a1b45eb498c5d73460f4b67c9d9677fc3227be0ca48024aaf2b76dcebd09900e5e64

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\{72B28451-AF4E-4922-9DAD-6599D6D1AB6C}.tmp\7z.dll
      Filesize

      1.1MB

      MD5

      e88522eb3a28fde2182a67e9e03566c9

      SHA1

      dfce7b03a4dda7f655b813884e8be685e428887a

      SHA256

      1d0784c649107d74957fd11274dde22fefc8235869f8365fb1b39e46b96eca3c

      SHA512

      477d90a3194f7d41e5eb988e72eb8ffd8c0198f3d5e2fa4eb77a683dfb3846c5c8d4129df53bab5e2c277217b2e9f98366ccccdc46d674fb52c5a998d697e7c5

      Download Submit