Analysis
max time kernel: 146s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 12-06-2024 12:50
Static task: static1
Behavioral task: behavioral1
Sample: e6ada880f4bf67aafc7d02f9c47574a303893dba27dda0d15ea9ed272e2f6e0a.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: e6ada880f4bf67aafc7d02f9c47574a303893dba27dda0d15ea9ed272e2f6e0a.exe
Resource: win11-20240611-en
General
Target: e6ada880f4bf67aafc7d02f9c47574a303893dba27dda0d15ea9ed272e2f6e0a.exe
Size: 642KB
MD5: 4727a22dee422049d5efce557bf9e65b
SHA1: 709f2f0a72dd80108ad0f5e21c3180cf94bd736e
SHA256: e6ada880f4bf67aafc7d02f9c47574a303893dba27dda0d15ea9ed272e2f6e0a
SHA512: 89db6ad551ad8056933398fef7a78291031c5c4a88654e80c61d18643522c0c0ed4478d7cb55b17800d1c1ca258bbc36e1ebad4a6e2d9bb5fa86f2560fc9dec9
SSDEEP: 12288:9tAQi/obT6vSTbrXCmNGmFwzXVMzrI7kfZyBYWasP6Ns3:/i/8T3brXDtswE7GyBYNN2
Malware Config
Signatures
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: e6ada880f4bf67aafc7d02f9c47574a303893dba27dda0d15ea9ed272e2f6e0a.exe
description: File opened for modification
ioc: \??\PHYSICALDRIVE0
process: e6ada880f4bf67aafc7d02f9c47574a303893dba27dda0d15ea9ed272e2f6e0a.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13