57b889c7a6f4a4b223084dc489ebc75c292ed03693a22b926cc9569255308236

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57b889c7a6f4a4b223084dc489ebc75c292ed03693a22b926cc9569255308236.exe
Size

495KB
MD5

63e317ec0ca3ce51106b6d3aa3bda34d
SHA1

f9b4e0c32c0ec86fa1ba61d97974d96c40c83c8f
SHA256

57b889c7a6f4a4b223084dc489ebc75c292ed03693a22b926cc9569255308236
SHA512

7d67c90c5c9b528324d76b8239c795b1a88ef8249620e3826a3a9a981f0b5c613e47f5b86f0753d0d27dd0f9c4df0d782539696f103c89d165097ef91aa53b74
SSDEEP

12288:uwBk6JImAGbjvIGCkiqvx9OHrdwiCsB1HHOHNNfi:5k6zAGXvAkvvxgxwi3B1Hu/6

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	57b889c7a6f4a4b223084dc489ebc75c292ed03693a22b926cc9569255308236.exe

C:\Users\Admin\AppData\Local\Temp\57b889c7a6f4a4b223084dc489ebc75c292ed03693a22b926cc9569255308236.exe
"C:\Users\Admin\AppData\Local\Temp\57b889c7a6f4a4b223084dc489ebc75c292ed03693a22b926cc9569255308236.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3344-1-0x0000000000700000-0x0000000000800000-memory.dmp

Filesize
1024KB

Download
memory/3344-2-0x0000000000670000-0x00000000006DB000-memory.dmp

Filesize
428KB

Download
memory/3344-3-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3344-4-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download
memory/3344-5-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download
memory/3344-6-0x0000000000700000-0x0000000000800000-memory.dmp

Filesize
1024KB

Download
memory/3344-8-0x0000000000670000-0x00000000006DB000-memory.dmp

Filesize
428KB

Download
memory/3344-9-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads