Overview

overview

7

Static

static

3

3e2e1e6bce...18.exe

windows7-x64

7

3e2e1e6bce...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$R0.exe

windows7-x64

6

$R0.exe

windows10-2004-x64

6

StartPage/$R0.html

windows7-x64

1

StartPage/$R0.html

windows10-2004-x64

1

StartPage/Local/ie.js

windows7-x64

3

StartPage/Local/ie.js

windows10-2004-x64

3

StartPage/...e.html

windows7-x64

1

StartPage/...e.html

windows10-2004-x64

1

StartPage/...k.html

windows7-x64

1

StartPage/...k.html

windows10-2004-x64

1

StartPage/...x.html

windows7-x64

1

StartPage/...x.html

windows10-2004-x64

1

StartPage/Local/wk.js

windows7-x64

3

StartPage/Local/wk.js

windows10-2004-x64

3

StartPage/...x.html

windows7-x64

1

StartPage/...x.html

windows10-2004-x64

1

Analysis

  • max time kernel
    91s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $R0.exe

  • Size

    3.0MB

  • MD5

    202f948151cd7738196cabfac6866829

  • SHA1

    d330ab04076fc628d74919da02a21040df8a9683

  • SHA256

    07558bed88e2a291c6b2dfad6e538a114b344b95bdba46d21a96c3eb79f8b2c9

  • SHA512

    698d1c561e56b0102bc4538ae69d47de636348ec3cab90f6572a309b9b12199927cc595b38a5db3101e1024fe594a7ba805b50327c46281a28cd02824055f09c

  • SSDEEP

    49152:Spul+gUMSUQGNkyzKiIImN8uh8A/nRJHV2AAPUo4M:r67GNkyzKp8uh8gn/1qP9z

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$R0.exe
    "C:\Users\Admin\AppData\Local\Temp\$R0.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:3616
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 1908
      2⤵
      • Program crash
      PID:2512
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3616 -ip 3616
    1⤵
      PID:3012

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3616-0-0x000000006FFF0000-0x0000000070000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3616-1-0x00000000766FF000-0x0000000076700000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3616-5-0x00000000766E0000-0x00000000767D0000-memory.dmp

      Filesize

      960KB

      Download

    • memory/3616-8-0x000000006FFF0000-0x0000000070000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3616-9-0x000000006FFF0000-0x0000000070000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3616-39-0x0000000075D50000-0x0000000075D68000-memory.dmp

      Filesize

      96KB

      Download

    • memory/3616-40-0x00000000766E0000-0x00000000767D0000-memory.dmp

      Filesize

      960KB

      Download