dd3edd0a584fff1f7eadd86f868eeda95f05138caf70c5ba8d807af2f8390887

Tags

Signatures

• Grants admin privileges

  Description

  Uses net.exe to modify the user's privileges.

  TTPs

  Account Manipulation

• Modifies RDP port number used by Windows

  TTPs

  Remote Desktop Protocol

• Possible privilege escalation attempt

  Tags

  exploit

• Sets DLL path for service in the registry

  Tags

  persistence

  TTPs

  Registry Run Keys / Startup FolderModify Registry

• UPX packed file

  Description

  Detects executables packed with UPX/modified UPX open source packer.

  Tags

  upx

• Checks computer location settings

  Description

  Looks up country code configured in the registry, likely geofence.

  TTPs

  Query RegistrySystem Information Discovery

• Deletes itself

• Loads dropped DLL

• Modifies file permissions

  Tags

  discovery

  TTPs

  File Permissions Modification

• Drops file in System32 directory

Related Tasks