Overview

overview

8

Static

static

1

testing.bat

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    testing.bat

  • Size

    3KB

  • Sample

    230918-m639fsgh2s

  • MD5

    a9f96e16dc451668176f0cc42724e9b6

  • SHA1

    f673d5a5958a1d1782b59267e44cc1dc0d20dc25

  • SHA256

    9b553a67d24aa7e368e1b6d88be547db3078f9f876281f55eaf63b7383bd30ad

  • SHA512

    356704be8527e2043f0d5b04d4345908b8f2d64f1553e8c6655c474036100aedf8f6ddb23cc47e24060913922d5a0780fe2b6c9fc26dc845381e033ccf7f8090

Score
8/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      testing.bat

    • Size

      3KB

    • MD5

      a9f96e16dc451668176f0cc42724e9b6

    • SHA1

      f673d5a5958a1d1782b59267e44cc1dc0d20dc25

    • SHA256

      9b553a67d24aa7e368e1b6d88be547db3078f9f876281f55eaf63b7383bd30ad

    • SHA512

      356704be8527e2043f0d5b04d4345908b8f2d64f1553e8c6655c474036100aedf8f6ddb23cc47e24060913922d5a0780fe2b6c9fc26dc845381e033ccf7f8090

    Score
    8/10
    evasionpersistenceransomware

    • Blocklisted process makes network request

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks