General
Target: doc10.bat
Size: 3KB
Sample: 240105-nrkz1aafek
MD5: bce4b47c8d771946d4faddd3d10167d1
SHA1: 963d52a9ec660867cb151b748865ee80da7d643f
SHA256: 7526adc594e5f4917db534adb9da4f81eb36920d7d4deb9be3de17f4cd1d46d0
SHA512: 3aa4c09263abc2ca7a50ec77b09b6a87661599e076c147dc5578aa6c0709263d5db5cee2b64edb82e8fb33f57307bdaebba536d60ebf33c02c43aced5dc82d24
Static task: static1
Behavioral task: behavioral1
Sample: doc10.bat
Resource: win7-20231215-en
Malware Config
Targets
Target: doc10.bat (3KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General above)
Score: 10/10
Signatures
- Modifies firewall policy service
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Possible privilege escalation attempt
- Drops startup file
- Modifies file permissions
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows AutoRun to spread via attached volumes. Note that AutoRun from non-optical removable media is disabled on patched Windows 7 and later, so on current hosts this is mainly a propagation indicator rather than a reliable infection mechanism.
- Drops file in System32 directory
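The signature list above names behaviour classes but not the command lines that produced them, so a responder looking at endpoint telemetry still has to decide what to hunt for. The following is an added example written for this page, not part of the sandbox report and not the sample's own code: a small rule set that flags each of those behaviour classes in process-creation records, run over constructed log lines. The command lines in SAMPLE_LOG are typical examples of each class (reg add DisableTaskMgr, bcdedit /set, netsh advfirewall, icacls, attrib +h +s on an autorun.inf, a copy into the Startup folder); they are assumptions for illustration, not commands observed from doc10.bat. The ATT&CK IDs attached to the rules are the editor's mapping, not taken from the report.

```python
"""Flag the behaviour classes named in the sandbox signatures in process-creation logs.

Added example; the commands, log lines and ATT&CK mapping are constructed for
illustration and are not taken from the analysed sample or the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str       # ATT&CK ID: editor's mapping, not from the report
    pattern: re.Pattern


# One regex per behaviour class. Each matches a typical command of that class,
# not this sample's (unknown) command lines.
RULES: List[Rule] = [
    Rule("Disables Task Manager via registry modification", "T1112",
         re.compile(r"\breg(\.exe)?\s+add\b.*\\Policies\\System\b.*\bDisableTaskMgr\b.*/d\s+1\b", re.I)),
    Rule("Modifies boot configuration data using bcdedit", "T1490",
         re.compile(r"\bbcdedit(\.exe)?\b.*\s/set\b", re.I)),
    Rule("Modifies Windows Firewall", "T1562.004",
         re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)),
    Rule("Modifies file permissions", "T1222.001",
         re.compile(r"\b(icacls|cacls|takeown)(\.exe)?\b", re.I)),
    Rule("Sets hidden/system attributes", "T1564.001",
         re.compile(r"\battrib(\.exe)?\b.*\+[hs]", re.I)),
    Rule("Drops autorun.inf file", "T1091",
         re.compile(r"\b[a-z]:\\autorun\.inf\b", re.I)),
    Rule("Drops startup file", "T1547.001",
         re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
]

# Constructed process-creation events: "timestamp | image | command line".
SAMPLE_LOG = r"""
2024-01-05T10:00:01Z | cmd.exe | reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
2024-01-05T10:00:02Z | cmd.exe | bcdedit /set {default} recoveryenabled No
2024-01-05T10:00:03Z | cmd.exe | netsh advfirewall set allprofiles state off
2024-01-05T10:00:04Z | cmd.exe | icacls C:\Windows\System32\drivers\etc\hosts /deny Everyone:(W)
2024-01-05T10:00:05Z | cmd.exe | attrib +s +h D:\autorun.inf
2024-01-05T10:00:06Z | cmd.exe | copy payload.bat "C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.bat"
2024-01-05T10:00:07Z | cmd.exe | ping -n 1 127.0.0.1
2024-01-05T10:00:08Z | cmd.exe | reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
"""


def match_rules(command_line: str) -> List[str]:
    """Return the names of every rule whose pattern matches the command line."""
    return [r.name for r in RULES if r.pattern.search(command_line)]


def scan_log(text: str) -> List[Dict[str, object]]:
    """Parse 'timestamp | image | command line' records; keep those that hit a rule."""
    hits: List[Dict[str, object]] = []
    for raw in text.strip().splitlines():
        parts = raw.split(" | ", 2)
        if len(parts) != 3:
            continue  # malformed record: skip it rather than abort the scan
        ts, image, cmd = parts
        names = match_rules(cmd)
        if names:
            hits.append({"ts": ts, "image": image, "cmd": cmd, "rules": names})
    return hits


def summarize(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Count how many events triggered each rule (one event may trigger several)."""
    counts: Dict[str, int] = {}
    for h in hits:
        for name in h["rules"]:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    technique = {r.name: r.technique for r in RULES}
    for h in scan_log(SAMPLE_LOG):
        for name in h["rules"]:
            print(f"{h['ts']} {technique[name]:<10} {name}: {h['cmd']}")
```

The rules deliberately key on the verb as well as the tool (reg add with DisableTaskMgr and /d 1, bcdedit with /set), so a read-only reg query or bcdedit /enum does not fire; the attrib line shows one event satisfying two rules, which is why the summary counts rule hits rather than events.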
MITRE ATT&CK Enterprise v15 (numbers are the report's per-technique hit counts)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- File and Directory Permissions Modification (T1222): 1
- Hide Artifacts (T1564): 1
  - Hidden Files and Directories (T1564.001): 1
- Impair Defenses (T1562): 2
  - Disable or Modify Tools (T1562.001): 2
- Modify Registry (T1112): 4