ed9d9ca4e442cb52d81a61dbc3d9d613785b929a6536623fa5c0666edbf22f55 | Triage

Submit
Reports

Overview

overview

Static

static

disable_defender.bat

windows10-1703-x64

disable_defender.bat

windows10-2004-x64

Sharing

General

Target

disable_defender.bat
Size

134KB
Sample

221104-yllpfsaeb2
MD5

e430435cb58bf4b32f6c34662bf2399c
SHA1

68ef170abe380c4a9827abeaf37e3d9e8392b23b
SHA256

ed9d9ca4e442cb52d81a61dbc3d9d613785b929a6536623fa5c0666edbf22f55
SHA512

6819be2bac9e1701c62b0409328998db2ab828540334c7567d467879bc2907bb37a3ff8bea115b7d4fca8b1eaed1e63a4d9ab607af3edcb726b5412dbbd80d03
SSDEEP

1536:N9qlzR+K/otrK/o5gINROhPCWi/uQ5t6s0Q9x32cqmWr8igtUdwy6HT3OcK/o3+e:N9qlc91N277c66t

Score

10^/10

discovery evasion exploit trojan

Static task

static1

Behavioral task

behavioral1

Sample

disable_defender.bat

Resource

win10-20220812-en

discovery evasion exploit trojan

windows10-1703-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

disable_defender.bat

Resource

win10v2004-20220812-en

discovery evasion exploit trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  disable_defender.bat
- Size
  
  134KB
- MD5
  
  e430435cb58bf4b32f6c34662bf2399c
- SHA1
  
  68ef170abe380c4a9827abeaf37e3d9e8392b23b
- SHA256
  
  ed9d9ca4e442cb52d81a61dbc3d9d613785b929a6536623fa5c0666edbf22f55
- SHA512
  
  6819be2bac9e1701c62b0409328998db2ab828540334c7567d467879bc2907bb37a3ff8bea115b7d4fca8b1eaed1e63a4d9ab607af3edcb726b5412dbbd80d03
- SSDEEP
  
  1536:N9qlzR+K/otrK/o5gINROhPCWi/uQ5t6s0Q9x32cqmWr8igtUdwy6HT3OcK/o3+e:N9qlc91N277c66t
Score

10^/10

discovery evasion exploit trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies Windows Defender notification settings
  evasion trojan
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

File and Directory Permissions Modification

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploittrojan

behavioral2

discoveryevasionexploittrojan

© 2018-2024

Terms | Privacy