Analysis

  • max time kernel: 140s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 17/10/2024, 02:06

General

  • Target: Ad Muncher/AdMunch.exe
  • Size: 429KB
  • MD5: 2703937e1666d1e244709899b31ccbfd
  • SHA1: ced69bf3355d6d71011668271947ad05ac9c4eed
  • SHA256: 7b46463a72d606fc53c4307527434bbc11e7261f51ef92d88469dc02d7f0254c
  • SHA512: ed6d554afa026f29beb123416e8da7d8c90f589d6f6c8635e09e68e6014cc1f87ca8a6a56dc5d78e79abd06dc8302191380804f41535adf9e563778a02e167f3
  • SSDEEP: 12288:u5c8pof9ZVV5E2XdUQoiIeRXAuHmSFmaBQYHw:G+PVhdo4Rx1QOw

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ad Muncher\AdMunch.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Ad Muncher\AdMunch.exe"
    PID: 2052
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2052-5-0x0000000000890000-0x00000000008D1000-memory.dmp (Filesize: 260KB)
  • memory/2052-3-0x0000000000400000-0x00000000008015C0-memory.dmp (Filesize: 4.0MB)
  • memory/2052-6-0x0000000002060000-0x00000000020A3000-memory.dmp (Filesize: 268KB)
  • memory/2052-1-0x0000000000400000-0x00000000008015C0-memory.dmp (Filesize: 4.0MB)
  • memory/2052-8-0x00000000001C0000-0x00000000001C1000-memory.dmp (Filesize: 4KB)
  • memory/2052-11-0x0000000002480000-0x0000000002481000-memory.dmp (Filesize: 4KB)
  • memory/2052-13-0x0000000000250000-0x0000000000251000-memory.dmp (Filesize: 4KB)
  • memory/2052-12-0x00000000003D0000-0x00000000003D1000-memory.dmp (Filesize: 4KB)
  • memory/2052-10-0x0000000002490000-0x0000000002491000-memory.dmp (Filesize: 4KB)
  • memory/2052-9-0x00000000024A0000-0x00000000024A1000-memory.dmp (Filesize: 4KB)
  • memory/2052-7-0x00000000024D0000-0x00000000024D1000-memory.dmp (Filesize: 4KB)
  • memory/2052-14-0x00000000024B0000-0x00000000024B1000-memory.dmp (Filesize: 4KB)
  • memory/2052-16-0x0000000002530000-0x0000000002532000-memory.dmp (Filesize: 8KB)
  • memory/2052-17-0x00000000024F0000-0x00000000024F1000-memory.dmp (Filesize: 4KB)
  • memory/2052-15-0x0000000002050000-0x0000000002051000-memory.dmp (Filesize: 4KB)
  • memory/2052-18-0x0000000000400000-0x00000000008015C0-memory.dmp (Filesize: 4.0MB)
  • memory/2052-27-0x00000000024E0000-0x00000000024E1000-memory.dmp (Filesize: 4KB)
  • memory/2052-19-0x0000000000400000-0x00000000008015C0-memory.dmp (Filesize: 4.0MB)
  • memory/2052-28-0x0000000000890000-0x00000000008D1000-memory.dmp (Filesize: 260KB)
  • memory/2052-26-0x0000000002570000-0x0000000002571000-memory.dmp (Filesize: 4KB)
  • memory/2052-25-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize: 4KB)
  • memory/2052-24-0x0000000002500000-0x0000000002501000-memory.dmp (Filesize: 4KB)
  • memory/2052-23-0x0000000002550000-0x0000000002551000-memory.dmp (Filesize: 4KB)
  • memory/2052-22-0x0000000002560000-0x0000000002561000-memory.dmp (Filesize: 4KB)
  • memory/2052-21-0x0000000002540000-0x0000000002541000-memory.dmp (Filesize: 4KB)
  • memory/2052-20-0x0000000000400000-0x00000000008015C0-memory.dmp (Filesize: 4.0MB)
  • memory/2052-29-0x0000000002060000-0x00000000020A3000-memory.dmp (Filesize: 268KB)
  • memory/2052-30-0x0000000002540000-0x0000000002541000-memory.dmp (Filesize: 4KB)
  • memory/2052-32-0x0000000002550000-0x0000000002551000-memory.dmp (Filesize: 4KB)
  • memory/2052-31-0x0000000002560000-0x0000000002561000-memory.dmp (Filesize: 4KB)
  • memory/2052-37-0x00000000024E0000-0x00000000024E1000-memory.dmp (Filesize: 4KB)
  • memory/2052-36-0x0000000002570000-0x0000000002571000-memory.dmp (Filesize: 4KB)
  • memory/2052-35-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize: 4KB)
  • memory/2052-34-0x0000000002500000-0x0000000002501000-memory.dmp (Filesize: 4KB)
  • memory/2052-33-0x0000000000400000-0x00000000008015C0-memory.dmp (Filesize: 4.0MB)