Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-09-2024 07:52

General

  • Target

    BDDownloadExe.exe

  • Size

    367KB

  • MD5

    b5e16bd1f7edaa0d56c9e2ce65f35516

  • SHA1

    ca4b7fc4c77680b8ce4b1bdbb2b231beb06c98e2

  • SHA256

    91702ae34d17e643983accc23f937c0956d5d5e07b26871e025de4a6da85b696

  • SHA512

    ec0fdc8d2a8b1f93a2282c0af139dddc637533758e65d6e2b052a8e20c8a031d3d4133e04c1c082981035a35afa552b219ac0503f43181c4d399f95581e91b29

  • SSDEEP

    6144:HJwx+zTO02TvEUSzi1G6/InjNx9LtEmCR1/gxKrpU1QUTivq:HJwx+zTBtzi18xzBEmCRixBivq

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BDDownloadExe.exe
    "C:\Users\Admin\AppData\Local\Temp\BDDownloadExe.exe"
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4056

Network

MITRE ATT&CK Enterprise v15
