6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe
Size

1021KB
MD5

24838071fa3082dcc1f9379e6bf8cb78
SHA1

d30a859c10b7c6a7809d87396e594ea359f8d806
SHA256

6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650
SHA512

1e28f96e2c516a1055bfd6663242571f6c3ed818b48b042aa44ffba5da36c1cfe9aeb350d4886b1e39c39860ba9dff1facaaf6e2233e2bb41569a05a88498c9d
SSDEEP

24576:eJ8/AZcOW8aPtZRVlZ2pnkuoYKqsjut+CybU8w+9w/V1cggnqd9:eJcOvMtZ3uOHYKXu50w+9knQnqd9

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe

description ioc process

File opened for modification \??\PhysicalDrive0 6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe

pid process

3756 6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe
3756 6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe

pid	process
3756	6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe
3756	6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe

C:\Users\Admin\AppData\Local\Temp\6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe
"C:\Users\Admin\AppData\Local\Temp\6c5d35897b2b9ededd483332961d22dd30da89d988ff734078e16e581b2aa650.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:3756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3756-0-0x0000000000400000-0x00000000006A4000-memory.dmp

Filesize
2.6MB

Download
memory/3756-2-0x0000000000400000-0x00000000006A4000-memory.dmp

Filesize
2.6MB

Download
memory/3756-3-0x0000000000400000-0x00000000006A4000-memory.dmp

Filesize
2.6MB

Download
memory/3756-5-0x0000000000400000-0x00000000006A4000-memory.dmp

Filesize
2.6MB

Download