Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    27-09-2024 09:47

General

  • Target

    b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb.exe

  • Size

    4.8MB

  • MD5

    8fb6b9b5a72576a6e85ae16adada1916

  • SHA1

    a4f20676a0a9e2d2dd5426149d2be999a24de3cb

  • SHA256

    b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb

  • SHA512

    8feec54f8e0e774177a628436a44bc541a1f9dc8c2495de8f6c82191c9aa7747b5493ecc737f53a405ecc5e0984167d14f978465cfe0888b7063f3582d6d915b

  • SSDEEP

    49152:AjLG+gXmn2DBn7Nk9RpKeVED4/vvqEDrz9HjR5Zs3GkRVb2cWf8ugIgBXYuTgJnG:XFS9RptXjXs3G8WH/g5tTgJRH46Vc4i

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb.exe
    "C:\Users\Admin\AppData\Local\Temp\b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{3A88006B-9B50-4586-AEE2-F3D88EF5419D}.tmp\netwarp.dll

    Filesize

    1.9MB

    MD5

    f955d154ca1abb7d5631dc7cc93849b9

    SHA1

    55edadf8ae4d0c3fbc2ff0e717cf2d75f6a88a7f

    SHA256

    b913056cdcdecba033ef90cd925a4ed16c476615ea0f6e04e1b9efe13289a578

    SHA512

    206f806872c9aa1fe8722a5bf1f25cd34985488dbf657b05f8fbacfecad60d01d31cb906e08c71fa364dc3ca88e3946d67a3df4c2fd16cb0f1e582ff7414f3f8

  • \Users\Admin\AppData\Local\Temp\{81F9AD43-DEA3-4ae3-8242-9B06E2370BCA}.tmp\7z.dll

    Filesize

    1.1MB

    MD5

    573e527af8df8af2d29346ae36bacf85

    SHA1

    f8ec2c80e147df50a78024fb27e4436e88cb63c3

    SHA256

    b046bcac3dd735cdc13d66205329a5d47c70dc33a8e98e49b3f66235226fce96

    SHA512

    2178e118f513e29ef848901da2410f71f162dffe1e7555a2d3891d6b2900a129ad60d1480266704fcf6d2b36ccc3f77c88918f55847b121c314a9ac843f66353

  • memory/2852-20-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB