Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-07-2024 04:35
Behavioral tasks
- behavioral1: 1792EL4.4?/ElementsEditor.exe (resource: win7-20240508-en)
- behavioral2: 1792EL4.4?/ElementsEditor.exe (resource: win10v2004-20240611-en)
- behavioral3: 1792EL4.4?/ElementsEngine.dll (resource: win7-20240508-en)
- behavioral4: 1792EL4.4?/ElementsEngine.dll (resource: win10v2004-20240508-en)
- behavioral5: 1792EL4.4?/ElementsInterface.dll (resource: win7-20231129-en)
- behavioral6: 1792EL4.4?/ElementsInterface.dll (resource: win10v2004-20240508-en)
- behavioral7: 1792EL4.4?/Update.exe (resource: win7-20240611-en)
- behavioral8: 1792EL4.4?/Update.exe (resource: win10v2004-20240226-en)
- behavioral9: 1792EL4.4?/sign.dll (resource: win7-20240611-en)
- behavioral10: 1792EL4.4?/sign.dll (resource: win10v2004-20240611-en)
- behavioral11: 1792EL4.4?/zlibwapi.dll (resource: win7-20240611-en)
- behavioral12: 1792EL4.4?/zlibwapi.dll (resource: win10v2004-20240508-en)
General
- Target: 1792EL4.4?/ElementsInterface.dll
- Size: 111KB
- MD5: cd73e6753549f333f966fad7042d041b
- SHA1: a3fd44f435816d1c1b0d9dfe5070db7d528b2c2f
- SHA256: a33f0ee4eb05724f792dc9693aa6e10fe760982f72620a6936a9c7e27fa888d2
- SHA512: 241552aab1c693bf9f1d733cead652cb5a785fbd5c8de459600c964fbfc6fc907f2f78bd5e6c66540fe58d13d7dabe6f8808680b1c2d6479b6812ea8ddd6fc8d
- SSDEEP: 1536:RcNuPF53k4pYR3GrRShh8G8nwv0Jz+qMU4JMKmyjLvGNr63OFfDZ1a9LhyVzKPAt:IOYG0fcoEBMvGNrwOpF1YuzKnzuJ
Malware Config
Signatures
- Processes (resource, yara_rule):
  behavioral6/memory/1768-0-0x0000000074350000-0x0000000074909000-memory.dmp | vmprotect
  behavioral6/memory/1768-1-0x0000000074350000-0x0000000074909000-memory.dmp | vmprotect
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes (description, ioc, process):
  File opened for modification | \??\PhysicalDrive0 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
  PID 1044 wrote to memory of 1768 | 1044 | rundll32.exe | rundll32.exe
  PID 1044 wrote to memory of 1768 | 1044 | rundll32.exe | rundll32.exe
  PID 1044 wrote to memory of 1768 | 1044 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1792EL4.4_\ElementsInterface.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1792EL4.4_\ElementsInterface.dll,#1
    - Writes to the Master Boot Record (MBR)