7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
Size

1.9MB
MD5

c8c87be018e10fba9fa037dbae0eab52
SHA1

5d41fdb86c62cec1c6c0b02a9f5cebaacc3d256c
SHA256

7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324
SHA512

09967891e46dc805b0df91449bbcf0a033d6bd44be6fc0833b28ddd335b0e2e1f9d6a87e91814282173c5d14fb745ef1f0940e182072ca5666bee6f309614c1f
SSDEEP

49152:Kkx2YQBy/eMrcYtfv9ceW+FuJ3iWjHrh4FkC3NBTtsl/IG:zcBP8cY7cacJ35jHrh4T3NBqt

Score

7^/10

bootkit discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4592	Bugreport-786526.dll

Loads dropped DLL 1 IoCs

pid	Process
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe

UPX packed file 39 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4796-0-0x0000000000400000-0x00000000008F8200-memory.dmp	upx
behavioral2/memory/4796-37-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-47-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-56-0x0000000002CE0000-0x0000000002D52000-memory.dmp	upx
behavioral2/memory/4796-55-0x0000000002CE0000-0x0000000002D52000-memory.dmp	upx
behavioral2/memory/4796-54-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-53-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-52-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-49-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-45-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-43-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-42-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-39-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-33-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-32-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-31-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-28-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-26-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-24-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-22-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-20-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-18-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-16-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-12-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-10-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-8-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-7-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-6-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-14-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4796-59-0x0000000000400000-0x00000000008F8200-memory.dmp	upx
behavioral2/memory/4796-61-0x0000000002CE0000-0x0000000002D52000-memory.dmp	upx
behavioral2/memory/4796-62-0x0000000000400000-0x00000000008F8200-memory.dmp	upx
behavioral2/memory/4796-63-0x0000000000400000-0x00000000008F8200-memory.dmp	upx
behavioral2/files/0x0007000000024157-70.dat	upx
behavioral2/memory/4592-71-0x0000000000400000-0x0000000000442200-memory.dmp	upx
behavioral2/memory/4592-90-0x0000000000400000-0x0000000000442200-memory.dmp	upx
behavioral2/memory/4796-417-0x0000000000400000-0x00000000008F8200-memory.dmp	upx
behavioral2/memory/4796-981-0x0000000000400000-0x00000000008F8200-memory.dmp	upx
behavioral2/memory/4796-1020-0x0000000000400000-0x00000000008F8200-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bugreport-786526.dll
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
4592	Bugreport-786526.dll

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 4592	4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe	100
PID 4796 wrote to memory of 4592	4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe	100
PID 4796 wrote to memory of 4592	4796	7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe	100

C:\Users\Admin\AppData\Local\Temp\7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe
"C:\Users\Admin\AppData\Local\Temp\7a2f65c3f55a372f9fbe083a66864af3623b00fd7b547599de91f0be2b92f324.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Users\Admin\AppData\Local\Temp\data\Bugreport-786526.dll
  C:\Users\Admin\AppData\Local\Temp\data\Bugreport-786526.dll Bugreport %E9%AA%A8%E5%A4%B4QQ%E9%99%8C%E7%94%9F%E7%A9%BA%E9%97%B4%E7%95%99%E7%97%95%E8%B5%9E%20
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\data\Bugreport-786526.dll

Filesize
82KB

MD5
521da7e0c0efb467eed9d99ea499310d

SHA1
b2e3901df82918045d0640a7962e151235a4b442

SHA256
2a8649e8bbf92d680ad51937f0347b7d7ff26a4664562f85a838532c68617b6d

SHA512
2f037744c3e0a78012914cad36eb5a8804e076cfd9fb686993a69280d6a3b18a88afac0d137ac225e5883b187d99abc89cfb7a0fbf8cba20b18911f6ede0a1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\Bugreport.ini

Filesize
113B

MD5
9ea078f7e35192a3bde51ac8014b12a9

SHA1
ad318eb9aa11978c5fa13867b2712267784fcc78

SHA256
c8bc28f025a53f3c842f81bab860e0a3e2d34f52e040d1a5fde6212d8b5b9e89

SHA512
08bde458a8653d0bed728800b7184f5cc0142ea9d59c800268be77806b2a76799fba25949d8a56b2efeac34c28292d4cd99f540b66af2d07be6cde749154c343

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\Bugreport_error.ini

Filesize
89B

MD5
20a9525d71c12c9deae2eced6f98ca37

SHA1
1636e65d7a1bc280e1ed3018a4136bd232d1a5de

SHA256
a01fe9c9b390f611de518c8b69cb0f4f9be8d84d94fc22bd5d5a92a3106ac2f7

SHA512
09bc8f7efc2633a9df811a7408ad7cdef0f3af528f7559905f7d96573a96036b9f1d96ffa8e3a7401bcdad88eb6122d6e146dd1b915f050d49c7b8ee595dde34

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\ÕËºÅÁÐ±í.PLFX

Filesize
548B

MD5
a062fd1b1e8c56f495ccc592c98638f9

SHA1
7a56c4ac63049c499b4db97e6ff60a7bd5004b26

SHA256
e007fb28bff708efe31a7157dd79d0a12b01778df5c39774a0432d54569d1a60

SHA512
7f16f5aae67cbb37e51641729d1b73b8e42482d4962303b735dfe8a47b79d32c8ed262373fc4a7af9be78010fd72c50601f7e6186cfa018230b7832c96a79343

Download Submit
C:\Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

Filesize
724KB

MD5
a96fbd5e66b31f3d816ad80f623e9bd9

SHA1
4eda42260bd3eb930cd4eafd7d15c6af367bcf18

SHA256
2e67ba278646fde95bb614dcbcc7da1c6bf7976c918b2c6ad3d78640000326f3

SHA512
43921107313775ea14b1bd33cf758c13798f4fa1c1074771c1c96b1b43b98f3416d249ed8ab3171383772d0054829c3754a91b5e94135f1df6d67a76f599c80e

Download Submit
memory/4592-90-0x0000000000400000-0x0000000000442200-memory.dmp

Filesize
264KB

Download
memory/4592-71-0x0000000000400000-0x0000000000442200-memory.dmp

Filesize
264KB

Download
memory/4796-18-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-8-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-49-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-45-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-43-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-42-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-39-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-33-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-32-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-31-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-28-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-26-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-24-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-22-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-20-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-0-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download
memory/4796-16-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-12-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-10-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-52-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-7-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-6-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-14-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-59-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download
memory/4796-61-0x0000000002CE0000-0x0000000002D52000-memory.dmp

Filesize
456KB

Download
memory/4796-62-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download
memory/4796-63-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download
memory/4796-53-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-54-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-55-0x0000000002CE0000-0x0000000002D52000-memory.dmp

Filesize
456KB

Download
memory/4796-56-0x0000000002CE0000-0x0000000002D52000-memory.dmp

Filesize
456KB

Download
memory/4796-47-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-91-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/4796-37-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4796-417-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download
memory/4796-981-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download
memory/4796-1020-0x0000000000400000-0x00000000008F8200-memory.dmp

Filesize
5.0MB

Download