Analysis
- max time kernel: 141s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 25-06-2024 09:34
Static task: static1
Behavioral task: behavioral1
- Sample: Keygen.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: Keygen.exe
- Resource: win10v2004-20240508-en
General
- Target: Keygen.exe
- Size: 260KB
- MD5: a458bf86efbfbcd42a3db21de04f45af
- SHA1: 733c7a397c6f967efa458756720eb0996fe2b495
- SHA256: e5a1609536db48a27c5645d956cadab4b4b1ad4e6511ea20d8a4710a18833e8a
- SHA512: e96710c99e3e200991e102c04d4ab0713c62ec91171e2cb7d2abee943445878af0d468970654b4cb7f49a10848ee2e920372b065931baab81d1b20859b7c7a23
- SSDEEP: 6144:uXmwxUoKBpNpxu8F9BBFBXzxgugwvP6bQ7yMP+DE8276Ek:CCoeFTR56uJ6b7MP+Dd2GX
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid   Process
  2368  Keygen.exe
- Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  description                   ioc                  Process
  File opened for modification  \??\PhysicalDrive0   Keygen.exe
- Modifies registry class (3 IoCs)
  description      ioc                                                   Process
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\.key               Keygen.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.key\              Keygen.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"  Keygen.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                        pid   Process
  Token: 33                          2368  Keygen.exe
  Token: SeIncBasePriorityPrivilege  2368  Keygen.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 175KB
  MD5: 6723a7547713740bc9a277846735a462
  SHA1: 7e39045ef57cfe76a5608fa8602da7172a385990
  SHA256: 324549abe99a010c64879dc5c73800f502ad3eeea13447d97183abbf89eb5afe
  SHA512: 7fd04d80e05e3ece49dfaf27b1a82c6f899b6c2c8108c2432af1d9bc66fa28f99e4a36912e39a19e713d07536c2403918fbca3c0bca58908fad576f7a88e0c50