Analysis Overview
SHA256
025f83869ee5f01bc3dfc3bb3b8843075a870037aef6be668df176108e2cf302
Threat Level: Likely malicious
The file personalize.exe was found to be: Likely malicious.
Malicious Activity Summary
Modifies boot configuration data using bcdedit
Unsigned PE
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:53
Reported
2024-06-13 08:56
Platform
win7-20240611-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\personalize.exe
"C:\Users\Admin\AppData\Local\Temp\personalize.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\D2A.tmp\D2B.tmp\D3C.bat C:\Users\Admin\AppData\Local\Temp\personalize.exe"
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\choice.exe
choice /c yn /n /m ""
C:\Windows\system32\choice.exe
choice /c yn /n /m ""
C:\Windows\system32\notepad.exe
notepad sources\URDED.txt
Network
Files
C:\Users\Admin\AppData\Local\Temp\D2A.tmp\D2B.tmp\D3C.bat
| Hash | Value |
| --- | --- |
| MD5 | 854bb3fd367a6d061dae6f6564ff2d51 |
| SHA1 | 283cbaf7f2d1ec19c67698bf90013f80397ae8ee |
| SHA256 | 4aaf15fb5689c0d61a7a62b4d40fc2494fa849c334174a69a5d99aa809512b5c |
| SHA512 | 109c05b6d83be08ffa8be3e5ae9c83153cab4b8c2c389fa15805fcb4f73feae0b7d29dd6ae80531663adde546c1b62526f7e6ae5688ba034ea28dc3825b18f3b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:53
Reported
2024-06-13 08:56
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
54s
Command Line
Signatures
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\personalize.exe
"C:\Users\Admin\AppData\Local\Temp\personalize.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4E6E.tmp\4E6F.tmp\4E70.bat C:\Users\Admin\AppData\Local\Temp\personalize.exe"
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\choice.exe
choice /c yn /n /m ""
C:\Windows\system32\choice.exe
choice /c yn /n /m ""
C:\Windows\system32\notepad.exe
notepad sources\URDED.txt
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
Network
Files
C:\Users\Admin\AppData\Local\Temp\4E6E.tmp\4E6F.tmp\4E70.bat
| Hash | Value |
| --- | --- |
| MD5 | 854bb3fd367a6d061dae6f6564ff2d51 |
| SHA1 | 283cbaf7f2d1ec19c67698bf90013f80397ae8ee |
| SHA256 | 4aaf15fb5689c0d61a7a62b4d40fc2494fa849c334174a69a5d99aa809512b5c |
| SHA512 | 109c05b6d83be08ffa8be3e5ae9c83153cab4b8c2c389fa15805fcb4f73feae0b7d29dd6ae80531663adde546c1b62526f7e6ae5688ba034ea28dc3825b18f3b |