344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52

Analysis

max time kernel
140s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe
Size

589KB
MD5

46c7580a317a65bc9c281069c83a9787
SHA1

9b59bac283a1cccaa339161b5edaa0a3c2ecd8cb
SHA256

344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52
SHA512

a854ceede2eb3694aa9fd474609540cb789077945f06686ba80ba90132dc7d7162e881a8d7d9ae62529128eed7be715d0bb81b52d5ca5c83f44f46a8e119f55a
SSDEEP

12288:bOoJ7rainDTqz96Pj49MvFUWVNE2o95KpVMW:vJXHDTq0b9yWXE3KUW

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1760	344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe
1760	344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe
1760	344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe
1760	344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe

C:\Users\Admin\AppData\Local\Temp\344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe
"C:\Users\Admin\AppData\Local\Temp\344b8fc925c61815d29482634b93c70aac5082c8cc9e66763bf5d8bfed3e6e52.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Temphtml01.htm

Filesize
2KB

MD5
113fe21cc747f084833554bf97e88dbb

SHA1
093c6ec9e122c00fe7c4ab849f8364ae886141cc

SHA256
59118296d73e54cd330bb928c4c4e73cd3e574f6113c53b47c660069fc3e8f43

SHA512
e887de9802e55a89c65dde6504e560ace892c1a579d0287f431bc379becff326b9e6c40d5f8276f943fb3617cb4afd3467e9a969453607849434fd20f0b439b1

Download Submit
memory/1760-0-0x0000000000400000-0x00000000005D5000-memory.dmp

Filesize
1.8MB

Download
memory/1760-7-0x0000000000400000-0x00000000005D5000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads