Overview

overview

8

Static

static

3

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

trichlorom...te.bat

windows7-x64

1

trichlorom...te.bat

windows10-2004-x64

1

trichlorom...DL.dll

windows7-x64

1

trichlorom...DL.dll

windows10-2004-x64

1

trichlorom...-4.dll

windows7-x64

3

trichlorom...-4.dll

windows10-2004-x64

3

trichlorom...mu.exe

windows7-x64

1

trichlorom...mu.exe

windows10-2004-x64

1

trichlorom...ss.exe

windows7-x64

1

trichlorom...ss.exe

windows10-2004-x64

1

trichlorom...sm.exe

windows7-x64

1

trichlorom...sm.exe

windows10-2004-x64

1

trichlorom...in.exe

windows7-x64

7

trichlorom...in.exe

windows10-2004-x64

7

trichlorom...bin.py

windows7-x64

3

trichlorom...bin.py

windows10-2004-x64

3

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    16s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 16:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trichloromethane.exe

  • Size

    120KB

  • MD5

    5e8ce90547acca8bd050fccb885558a2

  • SHA1

    a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

  • SHA256

    2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

  • SHA512

    ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

  • SSDEEP

    3072:87Vs+B4vSgLkgjIldksHYfYjbyKK03T9zqKyM:24vSuKXHtl

Score
8/10
bootkitevasionpersistence

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe
    "C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Windows\SysWOW64\reg.exe
        REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
        3⤵
        • Modifies registry key
        PID:1700
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x50c 0x304
    1⤵
      PID:4572

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.