Analysis
max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
04-06-2024 04:31
Static task
static1
Behavioral task
behavioral1
Sample
e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
Resource
win10v2004-20240508-en
General
Target
e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
Size
556KB
MD5
88eca40b0256d7ac3ad86f83ff88ced5
SHA1
1e0928a72f8558e09cffeb6e6ad685263e83e3aa
SHA256
e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3
SHA512
5ac293ae29e14d4c5c14a14e081ca261dff2065f38bd4fae9871ed0c6a2b53af8b789ad11adf7a9852a77180e4b97f2d3190857f5d4da4af381c146a3c1c3df2
SSDEEP
12288:KSMtegzbFdXPXTlNt/bROIUAs+IoNtTirdIJ:pIz//Tx/bRbUL+1TEdIJ
Malware Config
Signatures
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description
File opened for modification
ioc
\??\PhysicalDrive0
Process
e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
856 e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
856 e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
856 e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
856 e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
856 e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe
856 e6cc8f867f6a25f66b250cf69ed81ce6bf490a31d635ec56c48a5276635718b3.exe