Overview

overview

8

Static

static

newelevate.bat

windows7-x64

1

newelevate.bat

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    newelevate.bat

  • Size

    38KB

  • Sample

    220926-n6weaaafh4

  • MD5

    33df5813085692419f1848383801caf8

  • SHA1

    e2a4362a1c509cc16ce1fbe1d81c1974d30cfb64

  • SHA256

    c6e2ef8f419325a84a8687373b8d227a7da149c83e9fad205a3c3e6ac4ea307d

  • SHA512

    9ab4351488417b7d3f13cdb238d9a56327b8bbd1312c3cbf5ed9f4e3f33970109d11fa0cb24666ddbf27a6d8dcce3649e313114204d86388511ec9dffac4ae5c

  • SSDEEP

    768:YP6wbP6w4P6whP6wAP6wgP6wS7AP6wHyP6wIP6wKP6wrP6wmP6wd:7

Score
8/10
persistencepyinstaller

Malware Config

Targets

    • Target

      newelevate.bat

    • Size

      38KB

    • MD5

      33df5813085692419f1848383801caf8

    • SHA1

      e2a4362a1c509cc16ce1fbe1d81c1974d30cfb64

    • SHA256

      c6e2ef8f419325a84a8687373b8d227a7da149c83e9fad205a3c3e6ac4ea307d

    • SHA512

      9ab4351488417b7d3f13cdb238d9a56327b8bbd1312c3cbf5ed9f4e3f33970109d11fa0cb24666ddbf27a6d8dcce3649e313114204d86388511ec9dffac4ae5c

    • SSDEEP

      768:YP6wbP6w4P6whP6wAP6wgP6wS7AP6wHyP6wIP6wKP6wrP6wmP6wd:7

    Score
    8/10
    persistencepyinstaller

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks