Malware Analysis Report

2024-09-23 13:17

Sample ID 240612-2l5n4stcnc
Target 34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130
SHA256 34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130
Tags bootkit persistence
Score 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130

Threat Level: Shows suspicious behavior

The file 34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130 was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Writes to the Master Boot Record (MBR)

Unsigned PE

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-12 22:41

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 22:41

Reported

2024-06-12 22:43

Platform

win7-20240611-en

Max time kernel

88s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description: File opened for modification
Indicator: \??\PHYSICALDRIVE0
Process: C:\Users\Admin\AppData\Local\Temp\34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130.exe

"C:\Users\Admin\AppData\Local\Temp\34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

N/A

Files

memory/1976-0-0x0000000002980000-0x0000000002981000-memory.dmp

memory/2460-1-0x00000000026E0000-0x00000000026E1000-memory.dmp