b308979b80ff6586c755a2e72fb988819ae4b50fb021ab0d1f27b0c6899d2bc1 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

pcoptimizer.exe

windows11-21h2-x64

Sharing

General

Target

pcoptimizer.exe
Size

212KB
Sample

240701-cvfnxatblh
MD5

eeaef69144b4ff2e3fb398bb0c880dbe
SHA1

69c4958b752e615f829cb50846a651b996ec9b9d
SHA256

b308979b80ff6586c755a2e72fb988819ae4b50fb021ab0d1f27b0c6899d2bc1
SHA512

5a5ec302a4f379244e757967c759a988844e35be2edfe19c705641ca3bbaa48d1b948c58046d51fe95a927cbc89539bef583549807bd04a6a4381ebf3d1fb0f9
SSDEEP

6144:at5hBPi0BW69hd1MMdxPe9N9uA069TBZlU25hFDaXb0:atzww69T7q25zDP

Score

9^/10

bootkit defense_evasion discovery evasion exploit persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

pcoptimizer.exe

Resource

win11-20240508-en

bootkit defense_evasion discovery evasion exploit persistence ransomware

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  pcoptimizer.exe
- Size
  
  212KB
- MD5
  
  eeaef69144b4ff2e3fb398bb0c880dbe
- SHA1
  
  69c4958b752e615f829cb50846a651b996ec9b9d
- SHA256
  
  b308979b80ff6586c755a2e72fb988819ae4b50fb021ab0d1f27b0c6899d2bc1
- SHA512
  
  5a5ec302a4f379244e757967c759a988844e35be2edfe19c705641ca3bbaa48d1b948c58046d51fe95a927cbc89539bef583549807bd04a6a4381ebf3d1fb0f9
- SSDEEP
  
  6144:at5hBPi0BW69hd1MMdxPe9N9uA069TBZlU25hFDaXb0:atzww69T7q25zDP
Score

9^/10

bootkit defense_evasion discovery evasion exploit persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Possible privilege escalation attempt
  exploit
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoveryevasionexploitpersistenceransomware

© 2018-2024

Terms | Privacy