Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 15-06-2024 08:51
Behavioral task: behavioral1
- Sample: MBROverWrite.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: MBROverWrite.exe
- Resource: win10v2004-20240508-en
General
- Target: MBROverWrite.exe
- Size: 9.3MB
- MD5: 97b7a6acbe691b6936777fdbfaec5bba
- SHA1: df0854d4301dbfb3e19b1963886fbed6a56ed971
- SHA256: 0a9278fdc1ab7e2dc78820324bf0ddf72c2af05ae5e571ecab3b44faa507ba4c
- SHA512: 2cf57283920bb891d83531e6b6778eba93d029d970201467be449653466546e91ad09e7bd1523aed19253fc76d7335c5703da026ed9c4119223756b314fcef10
- SSDEEP: 196608:9sgyW3q+09iq2pPeMDGXQgz74YvICteEroxzlxZV3Gu5D4S26BAoCS38mTCZTt:4lh2prHgzswInErot14S2WlPmZ5
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)
  Processes:
    pid   process
    2088  MBROverWrite.exe
    2088  MBROverWrite.exe
    2088  MBROverWrite.exe
    2088  MBROverWrite.exe
    2088  MBROverWrite.exe
    2088  MBROverWrite.exe
    2088  MBROverWrite.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                          pid   process           target process
    PID 2204 wrote to memory of 2088     2204  MBROverWrite.exe  MBROverWrite.exe
    PID 2204 wrote to memory of 2088     2204  MBROverWrite.exe  MBROverWrite.exe
    PID 2204 wrote to memory of 2088     2204  MBROverWrite.exe  MBROverWrite.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe (child process)
    Command line: "C:\Users\Admin\AppData\Local\Temp\MBROverWrite.exe"
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-file-l1-2-0.dll
  Filesize: 22KB
  MD5: 41e8fa0ea82e40f56648b1c58a9ad763
  SHA1: 1ab6cafa7fb8435e8d0315e1e3e202a48d8fb4b0
  SHA256: 7509e30d7156b6a480a85280445674cc4ac64bbb8e8180b3d0f479d5edc0ce60
  SHA512: 6e00cec61c6fc19860175b47c201ad77c4af2bbad368a71d1a1bc94c972cfa25b7e449bb0dac36390a7c6235309cec23337d5f0eba659fa4b6a5dd3c190a799b
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-file-l2-1-0.dll
  Filesize: 22KB
  MD5: cb1ddfe277e28a19646394c1c41a0f96
  SHA1: b2ee421e5f4d92676314e413506e699c6fa8667c
  SHA256: 37ae4f6446c94b3817a8a0b9506c67d47f2372059a8a5101152e6bf365ded2ac
  SHA512: e9c8a010d9c71cefeaa9ec77a09715ff785decebdefd37732590b9523fc78e58c96722ffc03e26d03bce797cc1da06d21f4e8be7c1b056d2e9b7ca291c247e14
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-localization-l1-2-0.dll
  Filesize: 22KB
  MD5: 14bc5fd174cb3854da8dc4e2a770b2ca
  SHA1: 43462798689a0e76e80fb56b908a96f97819e7e7
  SHA256: ecfe952c778460f204f65560ff5a98f33f7a3cf98d2301983098d197bd08f0cf
  SHA512: 169e7df65bbb4864eea14ab405e55e53f755b79c5e0476bdc56cbead3edea97d09377d530729536c5584066b7bc13a00c6201e4c6dc85982ba5884eb5fe3306c
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-processthreads-l1-1-1.dll
  Filesize: 22KB
  MD5: e3a77ab9cb4e56c1782b5ee7f81cc80d
  SHA1: 2f37f25fe81cc8d3b84fd739222b748c1e21422b
  SHA256: d2813925346d16942e1be36784db8eb78cc41e110ac1c81ea802b77fda321b86
  SHA512: 21ac0f5515ced436cb57e7c6db64b7dd8a595af24d1de626be13e3d6ceeae94942a4c882e1ea0bd08667ff08e3fae7d36c72a17d505ae89eaea8c0cfeed924ae
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-timezone-l1-1-0.dll
  Filesize: 22KB
  MD5: 1873273b894647ad63134bf2a0def8fd
  SHA1: b6f593b3b413b1f502c543fdc7a00bafb07accab
  SHA256: 0af3e58319f2ae02478a115718f813da65d1407b62fdf6ae0cfea83d664d999d
  SHA512: 4d0ed0752164cec8f66e4069931fe11af26149e0969ede498e08ec1363020115f47492810553eeb6c99fc4c6698c50056cf1f70af77791fc13214d68fe5992e8
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\python310.dll
  Filesize: 4.2MB
  MD5: 384349987b60775d6fc3a6d202c3e1bd
  SHA1: 701cb80c55f859ad4a31c53aa744a00d61e467e5
  SHA256: f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8
  SHA512: 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\ucrtbase.dll
  Filesize: 1.1MB
  MD5: ce61d777d8b6e98f1b85c54e8ccbadd7
  SHA1: f3edb1780c3d0bf6603687f14716aef4fd25fb03
  SHA256: c74c386223cca6096c17828add7c13e25525c1653fa05261c36782b287e9fe66
  SHA512: 917f2a70ffbcd7178b5a4724aefed95b02b819d867e59468a438178295959de4372e00bc6a338b60f82b296d91f1528a76778a55d239a321aecd10ea5a85eb82