Extracted

• • Target

    PO - CE AUSTRALIA PTY LTD.ppam

  • Size

    10KB

  • MD5

    7c629522213c57c3b3d66ee8e6c13fed

  • SHA1

    352b55636c67a5cd27a998888df0a137ef5433d8

  • SHA256

    a2e98dd3fa146e70b06e95d0cbbf9a831a04e94572a229e6d554372cb6943c04

  • SHA512

    385fbe8c518741e20daf5a62ac6e772d9d7b813e53e2a02b75f32287711c5ca316e162d24b04f48c1a90d799314f330fdc564a3494a27fa3811c1eb87571563b

  Score

  10^/10

  evasionpersistencetrojan

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • UAC bypass

    evasiontrojan

  • Blocklisted process makes network request

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1