82346af1d5ad5c260c4e46f9fac4e3f01430c30b5b454c0b840e80590569ae99 | Triage

Sharing

General

Target

updatewin1.zip
Size

144KB
Sample

210405-8s6lsp6qcx
MD5

46c141f9dc926a7e7bef1e09169fcfd6
SHA1

56907da0f4a860e3e31b894f45df2b70a6645576
SHA256

82346af1d5ad5c260c4e46f9fac4e3f01430c30b5b454c0b840e80590569ae99
SHA512

6bc6e79d6f77bf463dde0443533c0a8f927360afaa329e5a01af61a54bcaefbb0394433a828cb3fa8a879c3a50b70c25ca28e4d04297a7a9fb0802a3f07100f7

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  updatewin1.exe
- Size
  
  272KB
- MD5
  
  5b4bd24d6240f467bfbc74803c9f15b0
- SHA1
  
  c17f98c182d299845c54069872e8137645768a1a
- SHA256
  
  14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
- SHA512
  
  a896acc38a6ff9641b0803f0598369c0d4fa8e38da28c1653c57948fe5e3274880d1b2e7959cd1b1da43375a1318b3ba72e13240bf40b27c852ee72bbb16cadc
Score

10^/10

evasion
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Disables Task Manager via registry modification
  evasion
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2