Analysis

  • max time kernel
    457s
  • max time network
    440s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20250129-en locale:en-us os:windows10-2004-x64 system
  • submitted
    31-01-2025 18:12

General

  • Target

    boltchecker.pyc

  • Size

    240KB

  • MD5

    af467bcd220b1857397beef6ae9e3e50

  • SHA1

    ebf00134845891f30269ffefc6e0a6bd7a440025

  • SHA256

    22c0658ad48ddedff6f0a242585a8f504430e97c4bf3ffc6306c402f99ed1c5c

  • SHA512

    ee193313864341f7ea5b7067fb1934a16c9c34797658886ac66892be267626a6e10c5a1ddee4595b6850b3a45ef01ecb155df54dcf560804a681b72e6f004a5e

  • SSDEEP

    3072:Fv7zPnzHahF4cpSlTLbd/10w0QeXBBC0LhUWaqDIV:Fv7DMVucxQeXBBC0LhUWaqDk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\boltchecker.pyc
    1⤵
    • Modifies registry class
    PID:3564
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4328

Network

MITRE ATT&CK Enterprise v15
