9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.html

windows11-21h2-x64

8

Resubmissions

01-07-2024 06:05

240701-gs7rts1ekm 8

01-07-2024 06:02

240701-grl4qsxgnh 1

01-07-2024 05:57

240701-gny9ws1dnk 7

01-07-2024 05:47

240701-ghchyaxfmb 8

01-07-2024 05:44

240701-gfekhs1cmr 1

01-07-2024 05:39

240701-gcjp3axepc 6

Sharing

General

Target

sample
Size

494KB
Sample

240701-gs7rts1ekm
MD5

90570683931d5f8a2ad2eac54d7ec9b4
SHA1

2e04b4ffa1ffafac3b5424bf6c59d0eefee13858
SHA256

9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1
SHA512

08cb12405bee74256212037938c3a367add8d6067c326fc154d2b6d9128254f817fff9e61672d67d4d6f4f37b78df6209b94f71c69f53abbf9db59bf0e36ec2c
SSDEEP

6144:lZHU5+U52U5ZU58U5ZU5BU59U5qU58U5Rb2:l5UAUsUbUGU3UnU3UIUCU3b2

Score

8^/10

bootkit discovery evasion exploit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win11-20240611-en

bootkit discovery evasion exploit persistence upx

windows11-21h2-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  494KB
- MD5
  
  90570683931d5f8a2ad2eac54d7ec9b4
- SHA1
  
  2e04b4ffa1ffafac3b5424bf6c59d0eefee13858
- SHA256
  
  9b7222bb21f452ddcb74beab90b78e805578d65c4e43758853f833ac1edb5ce1
- SHA512
  
  08cb12405bee74256212037938c3a367add8d6067c326fc154d2b6d9128254f817fff9e61672d67d4d6f4f37b78df6209b94f71c69f53abbf9db59bf0e36ec2c
- SSDEEP
  
  6144:lZHU5+U52U5ZU58U5ZU5BU59U5qU58U5Rb2:l5UAUsUbUGU3UnU3UIUCU3b2
Score

8^/10

bootkit discovery evasion exploit persistence upx
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionexploitpersistenceupx

© 2018-2024

Terms | Privacy