Analysis
- max time kernel: 143s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 22:08
- Static task: static1
- Behavioral task behavioral1: sample 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe on resource win7-20240220-en
- Behavioral task behavioral2: sample 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe on resource win10v2004-20240508-en (the run shown on this page)
General
- Target: 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe
- Size: 1.5MB
- MD5: 93bb25377ce67906ac4bdf6851630bb8
- SHA1: 6cfd036344bb5e0b1c39183fcf9321a9b46f1d33
- SHA256: 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97
- SHA512: 83947844a419182bc0ae53740f7521945c922a65647ccfac09ad25905b334e0e363bde52bd62e88dd8e8265d2c4f9d48350dfc3e512bc36a1cd980c294965e82
- SSDEEP: 49152:vWUMv5De9/yG9/ooooERQr0tb6H8RlOuQhRe4hvR:vWUMqyGB0Z6H8Rl4y0
Malware Config
- (no configuration listed for this run)

Signatures
- Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Process 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe: File opened for modification \??\PhysicalDrive0
  Opening the raw disk device for modification is the step that precedes overwriting sector 0. The report records the open, not the bytes written, so confirming a bootkit requires comparing the MBR taken from the infected disk against a known-good copy.
- Modifies registry class (4 IoCs)
  Process 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe:
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqaRQvLm0CkK0UztgWYfvlwQAAAACAAAAAAAQZgAAAAEAACAAAABHkrgyLbgzKx85RZzl5Clr7XwuRMKM/XgqlipQ0SZdOgAAAAAOgAAAAAIAACAAAADXyMfIcqef+F9oWyUEpK3dHVppq8f7gzgsfps6JJy3RDAAAAAtb+JK9K2neH/N2N0ns0dzmKaZc76oZfiTgjVe7d+QFjMMfaNBizYaHE2c0/U4b0pAAAAAr+FvDqqe028BMhC8BUXCy68YRWAFIPmaCYG2D5WtFCuNdg/nDZDxDCSOCbKiH0tF8JcOEatMEe9FZOHcqkHmPg=="
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "1ead7f1d-a3f7-4e8f-9582-ab4ae491097c"
  The sample keeps its state under a GUID-named subkey of HKLM\SOFTWARE\Classes with GUID-named values rather than a conventional application key. The 5E1D6A55-... value base64-decodes to a DPAPI (CryptProtectData) blob: it begins with version 1 followed by the DPAPI provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb, and its flags DWORD is 0x4 (CRYPTPROTECT_LOCAL_MACHINE), so the protected payload can only be decrypted with that machine's DPAPI master key. The other two values are a 32-hex-digit string and a GUID string; the report does not say what they hold.
- Suspicious use of FindShellTrayWindow (1 IoC)
  Process 668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe, PID 1084
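The following script is an added example written for this page, not code from the report or from the sample. It takes the base64 string from the 5E1D6A55-... registry value above, checks for the DPAPI blob header, and walks the CryptProtectData blob layout (version, provider GUID, master key GUID, flags, description, cipher and hash algorithm identifiers, salt, HMAC key, ciphertext and signature lengths) so the analyst can see what was protected and under which scope before attempting decryption with a master key. It uses only the Python standard library; the field names in the returned dict are this example's own choice.

```python
import base64
import struct
import uuid

# Fixed provider GUID that follows the dwVersion=1 DWORD in every CryptProtectData blob.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CRYPTPROTECT_LOCAL_MACHINE = 0x4  # blob bound to the machine rather than to the calling user
ALG_NAMES = {0x6603: "CALG_3DES", 0x660e: "CALG_AES_128", 0x6610: "CALG_AES_256",
             0x8004: "CALG_SHA1", 0x800c: "CALG_SHA_256", 0x800e: "CALG_SHA_512"}

# Value written to ...\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1,
# copied verbatim from the report's "Modifies registry class" IoC list.
REGISTRY_VALUE = (
    "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAqaRQvLm0CkK0UztgWYfvlwQAAAACAAAAAAAQZgAA"
    "AAEAACAAAABHkrgyLbgzKx85RZzl5Clr7XwuRMKM/XgqlipQ0SZdOgAAAAAOgAAAAAIAACAA"
    "AADXyMfIcqef+F9oWyUEpK3dHVppq8f7gzgsfps6JJy3RDAAAAAtb+JK9K2neH/N2N0ns0dz"
    "mKaZc76oZfiTgjVe7d+QFjMMfaNBizYaHE2c0/U4b0pAAAAAr+FvDqqe028BMhC8BUXCy68Y"
    "RWAFIPmaCYG2D5WtFCuNdg/nDZDxDCSOCbKiH0tF8JcOEatMEe9FZOHcqkHmPg=="
)


class _Reader:
    """Minimal little-endian cursor over the blob bytes."""

    def __init__(self, data: bytes):
        self.data, self.off = data, 0

    def u32(self) -> int:
        (v,) = struct.unpack_from("<I", self.data, self.off)
        self.off += 4
        return v

    def raw(self, n: int) -> bytes:
        chunk = self.data[self.off:self.off + n]
        if len(chunk) != n:
            raise ValueError("truncated DPAPI blob")
        self.off += n
        return chunk

    def guid(self) -> uuid.UUID:
        return uuid.UUID(bytes_le=self.raw(16))


def decode_value(value: str) -> bytes:
    """The registry string is base64; return the raw blob bytes."""
    return base64.b64decode(value)


def is_dpapi_blob(data: bytes) -> bool:
    """Cheap triage check: dwVersion == 1 followed by the DPAPI provider GUID."""
    return (len(data) >= 20 and data[:4] == b"\x01\x00\x00\x00"
            and uuid.UUID(bytes_le=data[4:20]) == DPAPI_PROVIDER_GUID)


def parse_dpapi_blob(data: bytes) -> dict:
    """Walk the CryptProtectData blob layout and return its metadata fields."""
    if not is_dpapi_blob(data):
        raise ValueError("not a DPAPI blob")
    r = _Reader(data)
    info = {"version": r.u32(), "provider": str(r.guid())}
    info["masterkey_version"] = r.u32()
    info["masterkey_guid"] = str(r.guid())  # file name of the master key in the owning scope's Protect directory
    info["flags"] = r.u32()
    info["local_machine"] = bool(info["flags"] & CRYPTPROTECT_LOCAL_MACHINE)
    info["description"] = r.raw(r.u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt = r.u32()
    info["alg_crypt"] = ALG_NAMES.get(alg_crypt, hex(alg_crypt))
    info["alg_crypt_bits"] = r.u32()
    info["salt"] = r.raw(r.u32()).hex()
    info["hmac_key_len"] = len(r.raw(r.u32()))
    alg_hash = r.u32()
    info["alg_hash"] = ALG_NAMES.get(alg_hash, hex(alg_hash))
    info["alg_hash_bits"] = r.u32()
    info["hmac2_key_len"] = len(r.raw(r.u32()))
    info["ciphertext_len"] = len(r.raw(r.u32()))
    info["signature_len"] = len(r.raw(r.u32()))
    info["trailing_bytes"] = len(data) - r.off  # anything left over means the layout was misread
    return info


if __name__ == "__main__":
    for key, val in parse_dpapi_blob(decode_value(REGISTRY_VALUE)).items():
        print(f"{key:18} {val}")
```

Run as-is it prints the parsed header for the value from this report; the same functions apply to any other base64 registry value, and `is_dpapi_blob` returns False for the two neighbouring values (a hex string and a GUID string), which is the quick way to pick out protected data among a sample's registry writes.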
Processes
- C:\Users\Admin\AppData\Local\Temp\668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe (PID 1084), command line "C:\Users\Admin\AppData\Local\Temp\668a2469327102cece9ca2e8ed40df1ee260d90e760a5fbb0804137c6ed45d97.exe"
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3520), command line "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4072,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
  Shown at the same top level as the sample, not as its child, with no signatures attributed to it.
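The script below is an added example for the "Writes to the Master Boot Record (MBR)" finding; it is not part of the report and not the sample's code. It parses a 512-byte MBR (boot code, NT disk signature, the four partition entries, the 0x55AA signature) and diffs a sector read from a suspect disk against a known-good copy, reporting separately whether the boot code, the disk signature or the partition table changed. The sample MBR it builds for the offline run is constructed here, not captured from the infected machine; `read_mbr` is the only part that touches a real device and needs an elevated prompt on Windows.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the bootstrap code a bootkit overwrites
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a device or raw image file.
    On Windows pass r"\\.\PhysicalDrive0" from an elevated prompt."""
    with open(device_path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 is an empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Compare a current MBR against a known-good copy; an empty list means no change."""
    before, after = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if before["boot_code_sha256"] != after["boot_code_sha256"]:
        findings.append("boot code changed")
    if before["disk_signature"] != after["disk_signature"]:
        findings.append("disk signature changed")
    if before["partitions"] != after["partitions"]:
        findings.append("partition table changed")
    return findings


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR for offline testing (not from the sample): one bootable NTFS partition."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = ntfs + b"\x00" * 48
    return boot + disk_sig + table + BOOT_SIG


if __name__ == "__main__":
    clean = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")  # ordinary bootstrap prologue
    hooked = make_sample_mbr(b"\xeb\xfe" + b"\x90" * 16)          # boot code replaced
    print(diff_mbr(clean, clean))
    print(diff_mbr(clean, hooked))
```

In practice the baseline is a copy of sector 0 taken from a clean build or from the same disk before the incident; because only the first 440 bytes are hashed, a legitimate partition edit does not mask a boot-code change, and a rewritten partition table is reported on its own. The sandbox signature says the sample opened \??\PhysicalDrive0 for modification; this comparison is how an analyst turns that into a confirmed or refuted MBR change.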