Overview

Static
Static tasks (target / platform):
  71792EL4.4?...or.exe    windows7-x64
  71792EL4.4?...or.exe    windows10-2004-x64
  71792EL4.4?...ne.dll    windows7-x64
  71792EL4.4?...ne.dll    windows10-2004-x64
  71792EL4.4?...ce.dll    windows7-x64
  71792EL4.4?...ce.dll    windows10-2004-x64
  71792EL4.4?/Update.exe  windows7-x64
  11792EL4.4?/Update.exe  windows10-2004-x64
  11792EL4.4?/sign.dll    windows7-x64
  11792EL4.4?/sign.dll    windows10-2004-x64
  11792EL4.4?...pi.dll    windows7-x64
  31792EL4.4?...pi.dll    windows10-2004-x64
Analysis

  max time kernel:  41s
  max time network: 53s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240508-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        01-07-2024 04:35
Behavioral tasks (task / sample / resource):
  behavioral1   1792EL4.4?/ElementsEditor.exe     win7-20240508-en
  behavioral2   1792EL4.4?/ElementsEditor.exe     win10v2004-20240611-en
  behavioral3   1792EL4.4?/ElementsEngine.dll     win7-20240508-en
  behavioral4   1792EL4.4?/ElementsEngine.dll     win10v2004-20240508-en
  behavioral5   1792EL4.4?/ElementsInterface.dll  win7-20231129-en
  behavioral6   1792EL4.4?/ElementsInterface.dll  win10v2004-20240508-en
  behavioral7   1792EL4.4?/Update.exe             win7-20240611-en
  behavioral8   1792EL4.4?/Update.exe             win10v2004-20240226-en
  behavioral9   1792EL4.4?/sign.dll               win7-20240611-en
  behavioral10  1792EL4.4?/sign.dll               win10v2004-20240611-en
  behavioral11  1792EL4.4?/zlibwapi.dll           win7-20240611-en
  behavioral12  1792EL4.4?/zlibwapi.dll           win10v2004-20240508-en
General

  Target:  1792EL4.4?/ElementsEngine.dll
  Size:    3.0MB
  MD5:     9983eef61740b311b2383b869a308b09
  SHA1:    bfe16190c6bbffcd7f154b0fc34878b3c3282654
  SHA256:  2916246e84289df1dc43d9b38a06bc6bb3e16ff6043ab79fa6b152ff979e503a
  SHA512:  4dd586edce7c47a52be5779132c3afe56d637a5e07c9f8c3cbf2ff41c770129a334d9cd58a06d5a82d6a7bee3118d13aa60c36d8101b3221f6eec38aeb47f18c
  SSDEEP:  49152:4yetB97Xw8Fq/taUpZ338lmtSr+cKwjNdtJNVe7Y1g:8M8FmxZSAGbTV
Malware Config

Signatures

Processes (resource / yara_rule):
  behavioral4/memory/4612-0-0x0000000074FD0000-0x0000000075589000-memory.dmp  vmprotect
  behavioral4/memory/4612-1-0x0000000074FD0000-0x0000000075589000-memory.dmp  vmprotect

Writes to the Master Boot Record (MBR) - 1 TTPs, 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes (description / ioc / process):
  File opened for modification  \??\PhysicalDrive0  rundll32.exe

Suspicious use of WriteProcessMemory - 3 IoCs
Processes (description / pid / process / target process):
  PID 1704 wrote to memory of 4612  1704  rundll32.exe  rundll32.exe
  PID 1704 wrote to memory of 4612  1704  rundll32.exe  rundll32.exe
  PID 1704 wrote to memory of 4612  1704  rundll32.exe  rundll32.exe
Processes

  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1792EL4.4_\ElementsEngine.dll,#1
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1792EL4.4_\ElementsEngine.dll,#1
      - Writes to the Master Boot Record (MBR)