Resubmissions

  • 15-06-2024 08:51  240615-ksac4svbld  7
  • 15-06-2024 08:49  240615-krhcbsxhnp  7

Analysis

  • max time kernel: 117s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 15-06-2024 08:51

General

  • Target: MBROverWrite.exe
  • Size: 9.3MB
  • MD5: 97b7a6acbe691b6936777fdbfaec5bba
  • SHA1: df0854d4301dbfb3e19b1963886fbed6a56ed971
  • SHA256: 0a9278fdc1ab7e2dc78820324bf0ddf72c2af05ae5e571ecab3b44faa507ba4c
  • SHA512: 2cf57283920bb891d83531e6b6778eba93d029d970201467be449653466546e91ad09e7bd1523aed19253fc76d7335c5703da026ed9c4119223756b314fcef10
  • SSDEEP: 196608:9sgyW3q+09iq2pPeMDGXQgz74YvICteEroxzlxZV3Gu5D4S26BAoCS38mTCZTt:4lh2prHgzswInErot14S2WlPmZ5

Score
7/10

Signatures

  • Loads dropped DLL (7 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe"
    PID: 2204
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe"
      PID: 2088
      • Loads dropped DLL

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-file-l1-2-0.dll
    Filesize: 22KB
    MD5: 41e8fa0ea82e40f56648b1c58a9ad763
    SHA1: 1ab6cafa7fb8435e8d0315e1e3e202a48d8fb4b0
    SHA256: 7509e30d7156b6a480a85280445674cc4ac64bbb8e8180b3d0f479d5edc0ce60
    SHA512: 6e00cec61c6fc19860175b47c201ad77c4af2bbad368a71d1a1bc94c972cfa25b7e449bb0dac36390a7c6235309cec23337d5f0eba659fa4b6a5dd3c190a799b

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-file-l2-1-0.dll
    Filesize: 22KB
    MD5: cb1ddfe277e28a19646394c1c41a0f96
    SHA1: b2ee421e5f4d92676314e413506e699c6fa8667c
    SHA256: 37ae4f6446c94b3817a8a0b9506c67d47f2372059a8a5101152e6bf365ded2ac
    SHA512: e9c8a010d9c71cefeaa9ec77a09715ff785decebdefd37732590b9523fc78e58c96722ffc03e26d03bce797cc1da06d21f4e8be7c1b056d2e9b7ca291c247e14

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-localization-l1-2-0.dll
    Filesize: 22KB
    MD5: 14bc5fd174cb3854da8dc4e2a770b2ca
    SHA1: 43462798689a0e76e80fb56b908a96f97819e7e7
    SHA256: ecfe952c778460f204f65560ff5a98f33f7a3cf98d2301983098d197bd08f0cf
    SHA512: 169e7df65bbb4864eea14ab405e55e53f755b79c5e0476bdc56cbead3edea97d09377d530729536c5584066b7bc13a00c6201e4c6dc85982ba5884eb5fe3306c

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize: 22KB
    MD5: e3a77ab9cb4e56c1782b5ee7f81cc80d
    SHA1: 2f37f25fe81cc8d3b84fd739222b748c1e21422b
    SHA256: d2813925346d16942e1be36784db8eb78cc41e110ac1c81ea802b77fda321b86
    SHA512: 21ac0f5515ced436cb57e7c6db64b7dd8a595af24d1de626be13e3d6ceeae94942a4c882e1ea0bd08667ff08e3fae7d36c72a17d505ae89eaea8c0cfeed924ae

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-timezone-l1-1-0.dll
    Filesize: 22KB
    MD5: 1873273b894647ad63134bf2a0def8fd
    SHA1: b6f593b3b413b1f502c543fdc7a00bafb07accab
    SHA256: 0af3e58319f2ae02478a115718f813da65d1407b62fdf6ae0cfea83d664d999d
    SHA512: 4d0ed0752164cec8f66e4069931fe11af26149e0969ede498e08ec1363020115f47492810553eeb6c99fc4c6698c50056cf1f70af77791fc13214d68fe5992e8

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\python310.dll
    Filesize: 4.2MB
    MD5: 384349987b60775d6fc3a6d202c3e1bd
    SHA1: 701cb80c55f859ad4a31c53aa744a00d61e467e5
    SHA256: f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8
    SHA512: 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

  • C:\Users\Admin\AppData\Local\Temp\_MEI22042\ucrtbase.dll
    Filesize: 1.1MB
    MD5: ce61d777d8b6e98f1b85c54e8ccbadd7
    SHA1: f3edb1780c3d0bf6603687f14716aef4fd25fb03
    SHA256: c74c386223cca6096c17828add7c13e25525c1653fa05261c36782b287e9fe66
    SHA512: 917f2a70ffbcd7178b5a4724aefed95b02b819d867e59468a438178295959de4372e00bc6a338b60f82b296d91f1528a76778a55d239a321aecd10ea5a85eb82