Overview

overview

7

Static

static

1

Boostrapper.exe

windows7-x64

7

Boostrapper.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2024 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Boostrapper.exe

  • Size

    64.8MB

  • MD5

    6bb0b9f52f27d6e39b1b368524000d85

  • SHA1

    5e3e92404a44d3a23b32f90d6e81f230bbec0777

  • SHA256

    5d23cfb3eeeec5e4013daa89a442c1bbe13e772d1b38c676370d298d9657c1f7

  • SHA512

    51d816b4c8f09039654ef80199efdc07a9d716293edfa80befea2fc3455ae958fd6e46b22fd9860367b5f66253c447735ccc6eebf95c3be3ae1ddd5a8c690a4b

  • SSDEEP

    1572864:ARAOQ27vFQqMrlpA+Ql4UJ7vIxlqrSaxnB:sAOvJykl51vAL

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
      2⤵
      • Loads dropped DLL
      PID:1176
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1728
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4e4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1972
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2828

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI19482\python311.dll
        Filesize

        1.6MB

        MD5

        4fcf14c7837f8b127156b8a558db0bb2

        SHA1

        8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

        SHA256

        a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

        SHA512

        7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

        Download Submit

      • memory/1176-737-0x000007FEF5CF0000-0x000007FEF62D8000-memory.dmp

        Filesize

        5.9MB

        Download