3c157c5b7547905869057bbf7fc5ff054e879dfbd147b6a9d82382180100f74c

Sharing

Copy URL

Twitter E-mail

General

Target

Windows10Debloater-master.zip
Size

43KB
Sample

220924-y1zjvsbhe2
MD5

4d53bc43c2281f519dc84364fc02d962
SHA1

8f0cf61d9f9acd1e55d89e50228977d811d3e165
SHA256

3c157c5b7547905869057bbf7fc5ff054e879dfbd147b6a9d82382180100f74c
SHA512

efb3bd8e36e1af4eb22e55be4d88e8b23559211fa78dfe9ce5c38134f8e5e6f4040d9ee83de43a77a071bf52c465e58cdf6d15ea2a80f4979eb0affdf73795f9
SSDEEP

768:OZOVVcmdH4hoEdpjf7MPR7YtPi1IhCGhvyWg3A/pXJshU4e9YGbMO4uai3k48IyS:OZObc6H4mEdpjf74RWPi1gHhvfg3A/pJ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Windows10Debloater-master.zip
- Size
  
  43KB
- MD5
  
  4d53bc43c2281f519dc84364fc02d962
- SHA1
  
  8f0cf61d9f9acd1e55d89e50228977d811d3e165
- SHA256
  
  3c157c5b7547905869057bbf7fc5ff054e879dfbd147b6a9d82382180100f74c
- SHA512
  
  efb3bd8e36e1af4eb22e55be4d88e8b23559211fa78dfe9ce5c38134f8e5e6f4040d9ee83de43a77a071bf52c465e58cdf6d15ea2a80f4979eb0affdf73795f9
- SSDEEP
  
  768:OZOVVcmdH4hoEdpjf7MPR7YtPi1IhCGhvyWg3A/pXJshU4e9YGbMO4uai3k48IyS:OZObc6H4mEdpjf74RWPi1gHhvfg3A/pJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  Windows10Debloater-master/Individual Scripts/Clear Last Used Files and Folders.ps1
- Size
  
  180B
- MD5
  
  5dbcb1c9b5458046db9899e080a0957c
- SHA1
  
  bf211f4d34254e05c0cb0349ad4ef45f27028359
- SHA256
  
  9d148276e7bbedfd397315815f48425d01280f13db5f3c17ca0b1c0f90d12f79
- SHA512
  
  f75f12c46b49b68e5f0b9f31d719d29d09966f50f44a98f27c1263914590ea6af2b0f749da52107f10aacbc4c478e2c6ffbfa51887649bb035bb5797821e3429
Score

1^/10
behavioral3 behavioral4
- Target
  
  Windows10Debloater-master/Individual Scripts/Debloat Windows
- Size
  
  3KB
- MD5
  
  fe027363edd3aa71c6a4ae0ecb7ceaae
- SHA1
  
  2061b9af054ca1f1903797b270439db656d54dff
- SHA256
  
  2152bdd73176e7152a02b79170fe193e0f036b91373f8781937df67247561de0
- SHA512
  
  180d0305529edfbe8b18f1627ba3a1212605c703cdd574dfb7dde020209a0fd049effa873aaa9912526501a66ae2fee5d5c9e47aee624b3962d21e6582f105af
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  Windows10Debloater-master/Individual Scripts/Disable Cortana
- Size
  
  659B
- MD5
  
  6323e777a8add8e0c94bf73b29c7e493
- SHA1
  
  0a19c7a21c7f66ab97c3582fbf54c8627b9c5c19
- SHA256
  
  5f094ae62d81cd7b7a049d3193802ccf58cbdc738df285c95ff5cbb73b4876d7
- SHA512
  
  67a6c08278a06c2c2dcc24f2a2d2dae82372f9c369a82892fb2cb6f88fe4ef48a12006d530b199748fd7ad81b2aabafd59db7cabc8f0c9b18be967f78a1655f5
Score

1^/10
behavioral7 behavioral8
- Target
  
  Windows10Debloater-master/Individual Scripts/Disable Last Used Files and Folders View.ps1
- Size
  
  637B
- MD5
  
  a89cd270851a8b1ef9d645a018b1b8f7
- SHA1
  
  0e8ef7d5edba0a8ad2acca033d4a1f2199075f7f
- SHA256
  
  63a2fa69b2ad719f963ea52e573e9777eb66552ea4a618416f19745a234d13b5
- SHA512
  
  b8537608716c3b7c48820ce1456818557b032b6b5e7e421ab538131d4b8639bcdb9e796ad48f203a2b9824a803236f3b15152eeacad5e93d2feda651805817c7
Score

1^/10
behavioral9 behavioral10
- Target
  
  Windows10Debloater-master/Individual Scripts/Enable Cortana
- Size
  
  662B
- MD5
  
  9c87d755ea8c3d89c465044a67c1d3f5
- SHA1
  
  6f6e2ce809065e33a64978dca110e14b1f6aa0cf
- SHA256
  
  3a936c1812c16b8843b55a8e48458261438da509738362827be33b9fdb44a9e3
- SHA512
  
  355ad2b64758daa22ee85f16bebac87021353d3c946d366c8a6c87d9fc87cccbfc4471053864d75795eaa80b6f3271d1a4c2988a18e565ee91ddba072b229058
Score

1^/10
behavioral11 behavioral12
- Target
  
  Windows10Debloater-master/Individual Scripts/Enable Edge PDF
- Size
  
  1KB
- MD5
  
  a0dd2989216296ab355273ed0ccff2cd
- SHA1
  
  91b10bb2a6c91bd1a39d6f0b2900d64a2c4af97b
- SHA256
  
  c7f7911e4d75fbb0579c219313f5852764e055fe0f0e7ae4577a717ea6f7886e
- SHA512
  
  d74d89e622696eb095c96f3af1f6a9540dace27a51248bd828d49775750619e246d32d35f7d0b328da1cc1808a8c8aaf83daa7ef5e3f12bcd1c79d75eebbd59b
Score

1^/10
behavioral13 behavioral14
- Target
  
  Windows10Debloater-master/Individual Scripts/Fix Whitelisted Apps
- Size
  
  851B
- MD5
  
  beb720e264a818ec1c8523b6de24d705
- SHA1
  
  6b4059c08b4289dc1bec0922505c72543bceb806
- SHA256
  
  f9998bfb7dc3fde2df313e7e37d22cbea956cfdd4938bc06d27752974e9c67b8
- SHA512
  
  1c60d1a007cc53478833a7525164fbe3fe70fa6b0455654ee20beda334e79c55883408bdc2b7b7aca8d6125d3b0b85ad3f4d55f66296ebb09bc526bebb095f9f
Score

1^/10
behavioral15 behavioral16
- Target
  
  Windows10Debloater-master/Individual Scripts/Protect Privacy
- Size
  
  6KB
- MD5
  
  0204760e129c125d3b6432e3c55bfbcc
- SHA1
  
  ad7b33518d69488709d3b7718d829976b5b47564
- SHA256
  
  3c1e5367ac277eeedddfc67b0c350900f6e60251779bb8d4f5c262c4019ec42f
- SHA512
  
  0a243955f9a68c93880a084d7a8883f9885c38d85423746e4d1e06e0b4a27f8224754be790471c1018a25eaf7ecbdc896b67b6a79bbb4a675bc8f28b12f7ff6d
- SSDEEP
  
  96:Ee88hTQ0SoR91GP81eWM9nYijpC+81wIrFIR/cwqChVdP/cJz+adWDwJi75R7Bes:xzTl9dlijpoA0wqChvP/ladWDz7JeFPG
Score

1^/10
behavioral17 behavioral18
- Target
  
  Windows10Debloater-master/Individual Scripts/Remove Bloatware RegKeys
- Size
  
  2KB
- MD5
  
  dba98a6eeda78832880bce9452fb2524
- SHA1
  
  cc56bab9082fc80abaf108385712736e1ea50ea3
- SHA256
  
  6f04f74e2f2aae8d8ae8413b514a719b9b8a68d7a1580b93d717a477f539c1d5
- SHA512
  
  e6b28f033bd5c00482ff11d8d5d8367b46d64b9975cda448e15f5b295e220c8ca329a7e9ffba1221132b1bade655bc34edee356115949ae5d8aa090118d3f7c8
Score

1^/10
behavioral19 behavioral20
- Target
  
  Windows10Debloater-master/Individual Scripts/Revert Changes
- Size
  
  5KB
- MD5
  
  5c45c8bfe0a137468c9933131f22ed6e
- SHA1
  
  ee241539e37679654b3e1a2ae867cd42eee4e134
- SHA256
  
  b346d069ce67865979dd979952e2ed148716807015038634247b810c927191dc
- SHA512
  
  d03de33688f75464d82231c7fda10e168ea9e1f0c55b9b1cc22b878d68836557d82e293cad062c334cdde889f0e933242e2ee1227b95cfbd1d5bc52c243e679b
- SSDEEP
  
  96:i3L4sp6ijs6n8r81eGFM+d8l2si7lKXF9R5Chrr8YuhpjKA2nv4JU+ZK+KBt8R5:qLP6usYJJPG2salEFJChuhpjKNvtIK1w
Score

1^/10
behavioral21 behavioral22
- Target
  
  Windows10Debloater-master/Individual Scripts/Set Explorers LaunchTo Computer.ps1
- Size
  
  372B
- MD5
  
  3919c1c974d775c4765127f2fdecfeb6
- SHA1
  
  26354b7626f90271f123a5d1ac211a926c791239
- SHA256
  
  f1028c19c2a5cbf132048a3306277434e965c5fadc8046eefe7c9f423debecf9
- SHA512
  
  a10d6b14a5932dfc6b9c4f1d94d18e8bd6cb1e255071cd0c091dd7a2d288c69dc4964025a248527ce31aed02c68c8b4fee40d1f995c2ad7d0cf3438cc5304b15
Score

1^/10
behavioral23 behavioral24
- Target
  
  Windows10Debloater-master/Individual Scripts/Stop Edge PDF
- Size
  
  1KB
- MD5
  
  09f3f884027577977c62455b0846322d
- SHA1
  
  d4fb17261030b7d75fd51ccd2922724b988be8b5
- SHA256
  
  02a5b62d5d10a47cd9f5fbcf703ac518b205aa29714ca5b970627829f6519d28
- SHA512
  
  0ae55b8cc1e8da0c6eaff2d59ac90ecdec3164e1b129c9f36bca7d5cc5841e3cd58881216d4c9aff1ab161944aa0281ddd471115dcc54b571b6f703eba08d00c
Score

1^/10
behavioral25 behavioral26
- Target
  
  Windows10Debloater-master/Individual Scripts/Uninstall OneDrive
- Size
  
  1KB
- MD5
  
  46e679e781dee63a08d02fe10d4873e2
- SHA1
  
  f4c305bd4b0b3eff86033c796d2e0f00894a9b32
- SHA256
  
  b953da06b98d28e173d4c948a8b0efcc47c709df86204b1f897b86257dc97960
- SHA512
  
  a48a8b7f2db4f42461582a577a296ea08d604f01c76ea65cf220b1c7a676f449070e71da0eb353a0d99e435219e6fb1b06b0e6e252de3ec81854f2a160a1c0f6
Score

10^/10

persistence
- Modifies system executable filetype association
  persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Registers COM server for autorun
  persistence
- Drops desktop.ini file(s)
behavioral27 behavioral28
- Target
  
  Windows10Debloater-master/Individual Scripts/Unpin Start
- Size
  
  2KB
- MD5
  
  504e226ab05186cfdb1c29fc6d0d0114
- SHA1
  
  4389b0d6c6ce0d6acd91a6261bd8d358fd90f8e6
- SHA256
  
  186823f7d920b3e88e2a056ad3cd2fd0181e814cd7e6c1aa09a8d8699fedd96d
- SHA512
  
  5fd702a0459783c453d0beef86696c477894091c698e53b0c812c29e580cf354a5878408aeaa1438d34038fd7e5d83dd43034b2951f79a5699440065603b4514
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  Windows10Debloater-master/LICENSE
- Size
  
  1KB
- MD5
  
  cf304f6797b76bfa034add3daa2f6505
- SHA1
  
  65460b267fedc3d9988eb519e385f17c25f8e335
- SHA256
  
  17d563b2932c28c1ec5ff45c1f6e648ffb688fe6b8d59aa292ba5608e6ed9f15
- SHA512
  
  6900ebda0a50da8ca692d61f0af6455e140ec934216ba618d9d8c0e7e3106d498e10f7be3674b6a016f385a27e669b22a98d29e2d8aef8257f0f1bb4907948ef
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Suspicious use of NtCreateUserProcessOtherParentProcess

Registers COM server for autorun

Drops desktop.ini file(s)

Modifies Installed Components in the registry

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32