3222fcdb60ac187e0f302064e159211e6ed17d8b98d8a9afd2dccd59e6fc6864 | Triage

Sharing

General

Target

updatewin1.zip
Size

144KB
Sample

210613-tt89pkdjws
MD5

b47f3d6283db7d7cbc136044109af89e
SHA1

6c3d8a07bd14b6bb9415cd3d967456afbd592284
SHA256

3222fcdb60ac187e0f302064e159211e6ed17d8b98d8a9afd2dccd59e6fc6864
SHA512

0fff10616eab0891b3418583f17ba8a2d03823cdbea61f2d20f181c8d8974580ca160bacf9c0ed297bcd2bc8eeed7f55b80b77cdfe46a5e7c1af13a1a93f0f22

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  updatewin1.exe
- Size
  
  272KB
- MD5
  
  5b4bd24d6240f467bfbc74803c9f15b0
- SHA1
  
  c17f98c182d299845c54069872e8137645768a1a
- SHA256
  
  14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
- SHA512
  
  a896acc38a6ff9641b0803f0598369c0d4fa8e38da28c1653c57948fe5e3274880d1b2e7959cd1b1da43375a1318b3ba72e13240bf40b27c852ee72bbb16cadc
Score

10^/10

evasion
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Disables Task Manager via registry modification
  evasion
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2