Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14-06-2024 23:06

General

  • Target

    0d1a5c39dea3d740f63664dfca5219d4ecf06f6dcf03821fbbe7a1df222e63c9.exe

  • Size

    613KB

  • MD5

    43fabf19a2fbd73f2948d3eebff56439

  • SHA1

    be863b1eedfeb7d0238a182fd8dad7901e72bb13

  • SHA256

    0d1a5c39dea3d740f63664dfca5219d4ecf06f6dcf03821fbbe7a1df222e63c9

  • SHA512

    db7f5075f11d4dbd18d7de3c22a43b578692d542412681667c90786f78dc36e5a7416e3ff3780dc638600623fabd273e3c15dcd1b11204d91cc29996e54c1c8f

  • SSDEEP

    12288:5wsr4w8+A7edi7xtG56RxOEO0kwY0twCruIx:5mGceoxt68OEQd0yCruIx

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d1a5c39dea3d740f63664dfca5219d4ecf06f6dcf03821fbbe7a1df222e63c9.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0d1a5c39dea3d740f63664dfca5219d4ecf06f6dcf03821fbbe7a1df222e63c9.exe"
    PID: 784
    • Writes to the Master Boot Record (MBR)

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1
  • Defense Evasion
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1


Downloads

  • memory/784-1-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/784-2-0x00000000021E0000-0x000000000224B000-memory.dmp (Filesize: 428KB)
  • memory/784-3-0x0000000000400000-0x000000000046F000-memory.dmp (Filesize: 444KB)
  • memory/784-4-0x0000000000400000-0x00000000004AA000-memory.dmp (Filesize: 680KB)
  • memory/784-5-0x0000000000400000-0x00000000004AA000-memory.dmp (Filesize: 680KB)
  • memory/784-6-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/784-8-0x00000000021E0000-0x000000000224B000-memory.dmp (Filesize: 428KB)
  • memory/784-9-0x0000000000400000-0x000000000046F000-memory.dmp (Filesize: 444KB)