Analysis

  • max time kernel
    135s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/05/2024, 09:11

General

  • Target

    6837f512cdacef6feeb2a7c92cf79bd1047c5a1e1530fceea56f95174e196fea.exe

  • Size

    7.5MB

  • MD5

    0be852528cd35c46e52851ba3fc30852

  • SHA1

    2bec30a7b31e04794b3a534a0d711e21665d9f5f

  • SHA256

    6837f512cdacef6feeb2a7c92cf79bd1047c5a1e1530fceea56f95174e196fea

  • SHA512

    4db8aa8b0ee9fc02421e6b3f54f3b6700fdeaee15cc7ddbf900c752bc5a1ba08948c3bf5382d6f11f3028900d3ab61765d267bdff9dea879125d9adfce8276e9

  • SSDEEP

    98304:mdGYuKuGLSkuAGvnvah+loowTcnOkhUwaq+6JRn/6i6sxuETOWIkI2dIvwpsVp:mdFhLSrnflZlnXaq+At6sxuwBI2dIt

Malware Config

Signatures

  • UPX packed file (23 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6837f512cdacef6feeb2a7c92cf79bd1047c5a1e1530fceea56f95174e196fea.exe
    "C:\Users\Admin\AppData\Local\Temp\6837f512cdacef6feeb2a7c92cf79bd1047c5a1e1530fceea56f95174e196fea.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3240

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3240-2-0x0000000001770000-0x0000000001771000-memory.dmp (4KB)
  • memory/3240-6-0x00000000017D0000-0x00000000017D1000-memory.dmp (4KB)
  • memory/3240-5-0x00000000017C0000-0x00000000017C1000-memory.dmp (4KB)
  • memory/3240-7-0x0000000000400000-0x0000000001186000-memory.dmp (13.5MB)
  • memory/3240-9-0x0000000000628000-0x0000000000A13000-memory.dmp (3.9MB)
  • memory/3240-4-0x00000000017B0000-0x00000000017B1000-memory.dmp (4KB)
  • memory/3240-45-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-39-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-53-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-51-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-49-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-47-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-37-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-36-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-33-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-31-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-29-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-54-0x0000000000400000-0x0000000001186000-memory.dmp (13.5MB)
  • memory/3240-25-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-23-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-22-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-19-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-17-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-15-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-13-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-12-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-11-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-43-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-41-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-27-0x0000000010000000-0x000000001003E000-memory.dmp (248KB)
  • memory/3240-3-0x00000000017A0000-0x00000000017A1000-memory.dmp (4KB)
  • memory/3240-1-0x0000000001760000-0x0000000001761000-memory.dmp (4KB)
  • memory/3240-0-0x0000000001740000-0x0000000001741000-memory.dmp (4KB)
  • memory/3240-55-0x0000000000400000-0x0000000001186000-memory.dmp (13.5MB)
  • memory/3240-56-0x0000000000628000-0x0000000000A13000-memory.dmp (3.9MB)
  • memory/3240-57-0x0000000000400000-0x0000000001186000-memory.dmp (13.5MB)