Overview

overview

8

Static

static

3

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

trichlorom...te.bat

windows7-x64

1

trichlorom...te.bat

windows10-2004-x64

1

trichlorom...DL.dll

windows7-x64

1

trichlorom...DL.dll

windows10-2004-x64

1

trichlorom...-4.dll

windows7-x64

3

trichlorom...-4.dll

windows10-2004-x64

3

trichlorom...mu.exe

windows7-x64

1

trichlorom...mu.exe

windows10-2004-x64

1

trichlorom...ss.exe

windows7-x64

1

trichlorom...ss.exe

windows10-2004-x64

1

trichlorom...sm.exe

windows7-x64

1

trichlorom...sm.exe

windows10-2004-x64

1

trichlorom...in.exe

windows7-x64

7

trichlorom...in.exe

windows10-2004-x64

7

trichlorom...bin.py

windows7-x64

3

trichlorom...bin.py

windows10-2004-x64

3

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    16s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trichloromethane.exe

  • Size

    120KB

  • MD5

    5e8ce90547acca8bd050fccb885558a2

  • SHA1

    a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

  • SHA256

    2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

  • SHA512

    ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

  • SSDEEP

    3072:87Vs+B4vSgLkgjIldksHYfYjbyKK03T9zqKyM:24vSuKXHtl

Score
8/10
bootkitevasionpersistence

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe
    "C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Windows\SysWOW64\reg.exe
        REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
        3⤵
        • Modifies registry key
        PID:1700
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x50c 0x304
    1⤵
      PID:4572

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads