Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 22:08

General

  • Target

    668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe

  • Size

    1.5MB

  • MD5

    93bb25377ce67906ac4bdf6851630bb8

  • SHA1

    6cfd036344bb5e0b1c39183fcf9321a9b46f1d33

  • SHA256

    668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97

  • SHA512

    83947844a419182bc0ae53740f7521945c922a65647ccfac09ad25905b334e0e363bde52bd62e88dd8e8265d2c4f9d48350dfc3e512bc36a1cd980c294965e82

  • SSDEEP

    49152:vWUMv5De9/yG9/ooooERQr0tb6H8RlOuQhRe4hvR:vWUMqyGB0Z6H8Rl4y0

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Modifies registry class 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe
    "C:\Users\Admin\AppData\Local\Temp\668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:1084
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4072,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
    1⤵
      PID:3520

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads