Analysis
-
max time kernel
0s -
max time network
1s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
16/10/2024, 01:51
Static task
static1
Behavioral task
behavioral1
Sample
Office.Professional.2010.keygen.by.F4CG.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Office.Professional.2010.keygen.by.F4CG.exe
Resource
win10v2004-20241007-en
General
-
Target
Office.Professional.2010.keygen.by.F4CG.exe
-
Size
145KB
-
MD5
bce1059e5e2e3527a20c3dff6ddea438
-
SHA1
8a3ba45bd5f05525b10d548595940996d630d749
-
SHA256
270f1519ff07016c9c9901c2bdc76795865ba7b7c1965643f782a9a9bd0bcbe8
-
SHA512
b067bd3b932a440252f33c0bff82cb9ca671012ffd9c2423b5e685be25c177bd7152b0b7e7f3d0164f51a6cfacdabc0cfc4b24c6d47cb57fa75ade37c81bad41
-
SSDEEP
3072:XVJVOmvyCoMhdFI7PYnPq4DZkqiL4lIa77m1JCML7Gs:l7vvy67FIMP5D+El7gVKs
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\physicaldrive0 Office.Professional.2010.keygen.by.F4CG.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2376 Office.Professional.2010.keygen.by.F4CG.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeShutdownPrivilege 2376 Office.Professional.2010.keygen.by.F4CG.exe