Analysis
max time kernel: 25s
max time network: 16s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 02-08-2024 04:33
Static task: static1
Behavioral task: behavioral1 (sample: 155绿色软件站.url, resource: win7-20240729-en)
Behavioral task: behavioral2 (sample: 155绿色软件站.url, resource: win10v2004-20240730-en)
Behavioral task: behavioral3 (sample: RaidRecovery.exe, resource: win7-20240704-en)
Behavioral task: behavioral4 (sample: RaidRecovery.exe, resource: win10v2004-20240730-en)
General
Target: RaidRecovery.exe
Size: 837KB
MD5: 55acc08a6abfbe32ae8599498ac5db3a
SHA1: 0e87ea18b88c06fa79bddb164678274c50833da3
SHA256: 0c375ff2fcfc9fb2a1bcd5344bbe55a4feee7f4f3e739d3075056bc2d58761ea
SHA512: 0116e290ee68138d52a383aec6e395c36ea266a480dbbf4b54b6df8912dd598d4d57b208996410a2753247272d3813b3e198621bff7d0e550e21bd2bbd2fbc1f
SSDEEP: 12288:AyTmV+FPzSDH4Ni1vzY+ej8U8ti83HOE:1XlWDHLYT8UM
Malware Config
Signatures
Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
description: File opened for modification; ioc: \??\PhysicalDrive0; process: RaidRecovery.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 2544; process: RaidRecovery.exe