Analysis

  • max time kernel: 148s
  • max time network: 153s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 02-08-2024 23:51

General

  • Target: f188556db75e2fc535533494e783e73f2641efc87649fb57fd5fe3cdbbd6b987.exe
  • Size: 6.4MB
  • MD5: 3bb1c4f2834b417263219c9fb1d2cf33
  • SHA1: 036c97647f8157c5ac4c42c2c87c5b67f6e9c325
  • SHA256: f188556db75e2fc535533494e783e73f2641efc87649fb57fd5fe3cdbbd6b987
  • SHA512: 22068b6bd7096b1f08d99e4cc1b407f912a359f97af8ecd556a37cb64665db6f3f8c8e11b21a151a8fa27a86879f758f35c10017b2c933e0ede47b138c0f8ad8
  • SSDEEP: 98304:nuIvRWGNq9I13NpDBRYhdLyFfqZ8d/E71XZ8gVZHWMZjwnNKsedAnC:uIvRxN02NlLYrLAhEYWHWKjgMbdd

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (14 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f188556db75e2fc535533494e783e73f2641efc87649fb57fd5fe3cdbbd6b987.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\f188556db75e2fc535533494e783e73f2641efc87649fb57fd5fe3cdbbd6b987.exe"
    PID: 964
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\360base.dll
    Filesize: 902KB
    MD5: 2f9fe542b5f9812d1d4dc56736bf903b
    SHA1: ed4325f1192f7a8f2d65b8f62d31915169475b36
    SHA256: 99d2200a96aefa7c46a13e4a3f529ebe58a2cdc2d5ba4609ea449654d77c3c92
    SHA512: 6d20817c233f7183744e1f97b7fa11a1ad84b5655412d47216e58e78372a34300b22dbfe72af2db5df273dd9f05a9a33ed688d09951a07d7ec37c41af7da32ff

  • C:\Users\Admin\AppData\Local\Temp\_run_240645812.ini
    Filesize: 592B
    MD5: 1d706b2b130476167244bba663b976e7
    SHA1: 41c49d5fc851e05e7a81799bbb91583340db9b5e
    SHA256: affb4c88d881b852555e436d000aefb527de465e1303d01df879d25e0bf361ab
    SHA512: f81d500fa7ebd4a88385d6291036797004c6211c20cb640c6c6c7276b53663090e6262ab1f34a927299afb27a20cd99a19be54939adb7240504f1df25af1e34c

  • C:\Users\Admin\AppData\Local\Temp\_run_240645812.ini
    Filesize: 586B
    MD5: 7109f81a06f662982f9aa6610c505433
    SHA1: 13fa121ddf1c767edf501b1c96c5983d427b2666
    SHA256: 8a9b9f19aaa7f63b4a511fca9975dd9ce249b19eee16bdf8770719a84b894de3
    SHA512: 9237a038d2b75f5917c97060afcafd43d5f5fb06454efc0ad6fb0a11ace65b8b537162df483f21b1dfff5e152165daec5c6ebda5907d840c74b80e43389b7b43

  • C:\Users\Admin\AppData\Roaming\360Game5\temp\7z.dll
    Filesize: 983KB
    MD5: 04ab3475be3f266e34498dd43a14c557
    SHA1: 7a21ef8edab8924dfc630b015aec220f6bc19987
    SHA256: a13b597091ae410677b29dc92e31966bae85c1097cec2c4728214e512c318f96
    SHA512: b72b3721d1518476be4e39df8742e6a21985f07dc10f7b9563d406118896a5ff34ffe1560a01c5d58aefdf86659f652ccf3eb8f32bcc912b363e6445b984ba2e

  • memory/964-0-0x0000000003440000-0x0000000003441000-memory.dmp
    Filesize: 4KB

  • memory/964-61-0x0000000003440000-0x0000000003441000-memory.dmp
    Filesize: 4KB