Overview

overview

7

Static

static

3

e0b38587e4...da.exe

windows7-x64

7

e0b38587e4...da.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29-06-2024 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada.exe

  • Size

    14.2MB

  • MD5

    d3f21493a226b5dc449384e9511b6473

  • SHA1

    97f2576a57677f3215cbe1df629c6054cda573d5

  • SHA256

    e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada

  • SHA512

    5fd31d00b8dfa3191f9720ab35e3ba325e5db1ad9202788dd3562005f08cfc46d5b6c796ed0dcf83dc1f570bc393c4996b0a1aa26ddfb3d75532e21b7de98fc5

  • SSDEEP

    393216:pgKtpMJNz9p20jv1PBMudOmRNYl7EUus9:poDwM9Piud5jYlX

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada.exe
    "C:\Users\Admin\AppData\Local\Temp\e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 768
      2⤵
      • Program crash
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\netul.dll
    Filesize

    1.9MB

    MD5

    47f5fe83659f9ea0c7b204a3e76f78b1

    SHA1

    cc1e2e5e7601473e69a28f4ab4a7ed29a07dbada

    SHA256

    e834072d776786c0a9336225b18a1b4da91f3fd056277af61ba97a203c8bbb5a

    SHA512

    18c50b839b40b5706da9b0b948ea7ea85718cd38cd463d44750fa608ac14a1b45eb498c5d73460f4b67c9d9677fc3227be0ca48024aaf2b76dcebd09900e5e64

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{27AEC9A2-9C42-4806-AE38-F68753DB18F4}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    e88522eb3a28fde2182a67e9e03566c9

    SHA1

    dfce7b03a4dda7f655b813884e8be685e428887a

    SHA256

    1d0784c649107d74957fd11274dde22fefc8235869f8365fb1b39e46b96eca3c

    SHA512

    477d90a3194f7d41e5eb988e72eb8ffd8c0198f3d5e2fa4eb77a683dfb3846c5c8d4129df53bab5e2c277217b2e9f98366ccccdc46d674fb52c5a998d697e7c5

    Download Submit

  • memory/1716-19-0x00000000021E0000-0x00000000021E1000-memory.dmp

    Filesize

    4KB

    Download