General

  • Target

    kacperuxz7373_opti_pack.rar

  • Size

    2.0MB

  • Sample

    240222-lkbfwafg86

  • MD5

    4748e1406863125cf8bafd54612f5051

  • SHA1

    b93ac30996f6bf83c8f2ecbad1ef468a920485fa

  • SHA256

    56b445c890323ee627b79ae87201ce1b49bc044626b4e6775a9f6a6ce1607bad

  • SHA512

    e78fad0bf7e8b811e8f138334970d34cfca198e369498699471c9068108bffde047a313721227878f766601895942ef567d5c5695cdcdb1d4b54faf9c139efb9

  • SSDEEP

    49152:goxukgZFBTsy6m70bxL3sJLlRV7K83RWJe4:rxKzgm7Gx3sJLrV7KwMH

Malware Config

Targets

    • Target

      kacperuxz#7373 opti pack/FiveM.exe

    • Size

      5.0MB

    • MD5

      d1bd6492da0586bd4af8b08bde263db2

    • SHA1

      4f314e4c2c336a08d4c9a5eb59399f411b0c6d26

    • SHA256

      4612075ef8906f61761f04f41fa3f2a3c0fc92c67339572f399a3a15ac1d600f

    • SHA512

      dc2c97b888c7513372d65eb9baa5f5e8ea4cf8330ec8ea546dafb7769ce372d932078f701573d78e7509c3e12de54877d8ce37d98444faed7e23f5a8c0e43285

    • SSDEEP

      49152:BOjPWx2ntp34WU90BXKnnRBoUlHtpMu9hrLqJ/lrpBFaU80jq43gvW5VF8Ydo/qq:srhPmHtM106ugu/YdnDCNQitSEGAVub

    Score
    6/10
    • Drops desktop.ini file(s)

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/block-telemetry.ps1

    • Size

      8KB

    • MD5

      f5d7bff130264cc2adf16cb9c4da094c

    • SHA1

      1efc2e96e15629f6be1bf1b16a9547b6facd5984

    • SHA256

      3bb5edb9d78c078beb3bbb4595b25ab31d7429d2a1fc3a326e4dad46766d6646

    • SHA512

      a1626b248eccea1240323c95f75fe5de04a7ad8a29332961a7665e5982a6c9f57ad880a5e56ea12bf45a9e5b7a0170ce8279f576e13148021dfbd69c6dfff339

    • SSDEEP

      96:uQVJ738aZ0n4cg/hdAwMtQgrBrTHakx0x2+V76O4BIvXXKCB8lZZFMntqvBqLmmF:us8Vn4cehexLYQcyaNICiD71iyBHEf

    Score
    8/10
    • Drops file in Drivers directory

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/disable-services.ps1

    • Size

      1KB

    • MD5

      acca107c6d0ef0b0bfd31aca5927390d

    • SHA1

      f71d27546e925fa0ee736b9806b82b3c0d83fd13

    • SHA256

      b8bd3cb0707b254046435e3351ae9331b6a3b28de1e90ce14a9dd1a3d57b8bdf

    • SHA512

      5b9c0469babe3ff011a30b3d64035c1e0329e2dbcd8f320ab367df0666948f21a29938da35f6c2f9297967742c60c06a673d43d96188fa6dc37ee98bc3ff5979

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/disable-windows-defender.ps1

    • Size

      2KB

    • MD5

      b745b1a0b4b70e44fac3b25abdb3f63e

    • SHA1

      ce16a432c63df3be945af976b43a06d5454c3f12

    • SHA256

      27365de295c362797d14cc90311549f5d67f8a76dc981e374648ac51752017b0

    • SHA512

      19454c7dfdf1c2fd8aa8a7d1fec9f35e26288e6e36f90d78b4a94759db4fb56f64bc91cc63f1e696bd3c6eb949ffc2733410143184896b46af37da7b7fdbf933

    Score
    10/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/experimental_unfuckery.ps1

    • Size

      1KB

    • MD5

      f7d2cfa20e6f94bde9140ac74783a00a

    • SHA1

      95470cec1299f3409c328c4f3e0e2ade681131a3

    • SHA256

      deec5afd8d537d8744fe8c0c919e53aa32bcf2ba28e60cba03fad2b83a60c506

    • SHA512

      df0946065b9a21270ee3bff911fe5e0727fd11116c55936f8ccd5bf68d34f9db05c96ff8ca9190b5f67add42f9584c97bb904231ba66427f188bcc426b8f4024

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/fix-privacy-settings.ps1

    • Size

      7KB

    • MD5

      837f426d2c69aa46f1f5e5781676a382

    • SHA1

      4b95b9033f5d42050b6033a1bb72869258b4410e

    • SHA256

      a8e2f1195867da78f0e99d3faf067e773c297ef8e3053344cdf4fcce8b8ca202

    • SHA512

      ba760579096849b230cfef799034d965795febc1ccb6ed6c972c10e230b64e06c328ce0b2e7bae2c1b7449782b606a0124778bd66772b403ee4cfb4b6e5c0bb1

    • SSDEEP

      96:2CrITjTn/7T8dPaFkUuiU0wN3yibEUyibyXYXTJe7TrzMZm0MZm44MZm2MZm95oE:2CcjT3qhbEWbiAYAlJGoqn/inkJAh2

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/optimize-user-interface.ps1

    • Size

      7KB

    • MD5

      287234fd02bb87f81bb8125164cec4c9

    • SHA1

      4b01cf7151f372dc36b3c0ebf0b2556bebef9e17

    • SHA256

      f1e31fed70ab2e1104d3f96dd5932dea8f8f380333287b5a6e71bca2654520bc

    • SHA512

      eb947fe2ee871f0525f276a7f050e7ca6fd49135bc24d7a9ee02f94ddb8e96aa5c1fc80039db9e39982af71c9ac04ec936f337718ab46a214cc5f36c86bbf8cf

    • SSDEEP

      192:xgDCcRewpotyPVPVmH7L//IDcRFBR59S/m+qpVqtl1A:xgDC0edVR5

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/optimize-windows-update.ps1

    • Size

      1KB

    • MD5

      a43be4706b81313de8611a71ae7d21d4

    • SHA1

      ceb3abd9ec4e7291d9f1918b5e67735caf1c8089

    • SHA256

      9c0471f84ca06dcd0b0822e56626f6e8bcf9b0452cc462482e9b39d30bfa873e

    • SHA512

      c0b6382d56f67abd1964679f50fb91a3a05b8145fad6055c4ce09493bffc0e3b8ea9ae839e7b8c2f8cc40ded6c609dadc3e09788dcfadcfdd19fe0bd3f515a36

    Score
    8/10
    • Possible privilege escalation attempt

    • Modifies file permissions

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/remove-default-apps.ps1

    • Size

      5KB

    • MD5

      1df11e24ccd57037e31c192f3d743092

    • SHA1

      cb6bdceeee0ae75f707daefb6c3545b8e4197706

    • SHA256

      7aa196984b016d2122142bbe18341ee23c94b758ce78f32d1765011ae24517fd

    • SHA512

      f5fb2dc62573e771a178c7509fd456c442f8242458031c6e92f63035be1a968f99ef49624565ceedee36ec4da5d61dbac8f376839c53b0bc960b1582238fce5e

    • SSDEEP

      96:lNrUcT0hNuMIRNabGvB5M25g5F5At5kboNOW6TKQy33JF+4nJvpNLHsVmUO5SYet:lN4M0VYnWUzQ7mgh4migU2

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/1. Uruchom/remove-onedrive.ps1

    • Size

      2KB

    • MD5

      89bb971558db2dea9987d1fa5f5c398e

    • SHA1

      1ceed67a3f777f755d942cc71e81140a9c6db7e9

    • SHA256

      861391286bc21b91fe404a6d5ed3cb36838daa37d99879d38c97e2c4d7c4b9b8

    • SHA512

      2d6010560dc339a569ed2f6832253d464418aef039acd9ec08b9c955da45043821c69643bc403b2201c0c049ef4379c719afa7f807f81a91070570f72026bd41

    Score
    8/10
    • Modifies Installed Components in the registry

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/2. Uruchom/boot-advanced-startup.bat

    • Size

      35B

    • MD5

      14b4e3937bbb6560bf853ff651684b67

    • SHA1

      916231f6c56a7265eabe84d9e7f527f4f564038f

    • SHA256

      a6db677174d9a427e5582db26ec71be1372b3467faca91ff2e082f48ece0db30

    • SHA512

      2a51497266d281d5f4b1a9c0fda50a65d83a69856bf5237ee703b63d06ec01ae842fd57d6349ddc62c729956798f84c1dddb8243522ffdf608c5ee57e8b6dacd

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/2. Uruchom/disable-ShellExperienceHost.bat

    • Size

      306B

    • MD5

      00fe7a3d5531b3d0ae3df2a027d129c8

    • SHA1

      4cee5b442bbb330f8de04d91940982a55a308b56

    • SHA256

      d2997eabf5f11407c5c2312a1e7c2a4d785a9ad0db9a84cedd3fd78864f008df

    • SHA512

      036d4881631803f03fb7ac78a8c5f6c0f2701dee6399bea1264dc2805f8b08fce67190c25861434e5dcfb5ca83edbdd5d5d9073f6f252ba2b8e97046221eba63

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/2. Uruchom/disable-memory-compression.ps1

    • Size

      273B

    • MD5

      a1d28d2607d52a2efe0e8089602e03fb

    • SHA1

      40c319de8ea0fa1e8a938056ce130147fff28042

    • SHA256

      e6195eb532cc9b0fa458228d6c62b727f31a80426d90c8a98c06c3bbabadff75

    • SHA512

      5a234a5cd65e8c8f6b482923a15b91fde3bb455ca262e9be9dec12b957219871446a28636e6cbf1ed304fc5a87d001439360977987243f2cbcae8aaec2fffa62

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/2. Uruchom/disable-prefetch-prelaunch.ps1

    • Size

      352B

    • MD5

      db1f295f9138d6c86b9eba05e1a0dab7

    • SHA1

      278a3dcc712bba6cbbc07f3cd8c49fd87ee6a779

    • SHA256

      750499c4e7ef6eb69e1f6472d74dda0e63dea64cb707d1888ecf3c550950ade7

    • SHA512

      1e5c94d865040b115b0f16a1e129144935bb4fee614f8923145f238eff86a48a2210be66d8b97db36714b3057ea222bff3d2cce6137f8958b6bfcabe4728a79e

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/2. Uruchom/disable-scheduled-tasks.ps1

    • Size

      8KB

    • MD5

      acdc5903d0e20c4e60e77a9c5c8da13a

    • SHA1

      017e620fedb42d4edfdc20f7288348a67b1becf7

    • SHA256

      596de0bf90b9107738707e92136d7264321f0a6a106575ea2a249fcfcd35c82b

    • SHA512

      978ca4913f4cbe54b96412bef54b053be7e185e712e6c7f634f054366de8f377010ecc729f276c3ad03c98701ada8873025b212f5dac5cd97d0e797b5bf747ee

    • SSDEEP

      96:DFcgOIdEzoPj1IvvIwKcysSzqIdrIJtI+MW0YfSI1IV6T68+YWTxKcQ6rKYXuF8i:9UKc/k+ORGJIsIj4QnZzzECdq

    Score
    1/10
    • Target

      kacperuxz#7373 opti pack/optymalizacja windows by kacperuxz#7373/3. Windows Debloat/2. Windows Debloat/2. Uruchom/disable-searchUI.bat

    • Size

      164B

    • MD5

      edae8e646bd2ec03817bf7293e1cacdf

    • SHA1

      8b75254e295b054401b16d097a32d4e8759a0498

    • SHA256

      673542ef9c8a18f63af3ca41024bc7fba7a163f4b88b7ec4f7d1969dc2be3753

    • SHA512

      d0cfe2ea439f73d25312b8e3292e89378bbc8321cc09a94a7a427d20f339685fd13a45ad17b4605e72fbd6b69ef8ed15cc85cd888621c95e2b90946b9319b271

    Score
    1/10
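As an added example, not part of the report or of the analysed pack, this is the check an incident responder would run to confirm that a copy of the pack recovered from a host is the same sample this report describes: hash every extracted file and match the digests against the Targets table above. The SHA256 values and scores in `REPORT_BY_SHA256` are copied from that table; the demo directory, its two files, the `constructed.ps1` table entry and the function names are constructed for the stand-alone run and are not from the report. Matching is by SHA256 rather than by path, because extraction roots differ and the pack's own file names say nothing about identity.

```python
"""Match an extracted copy of the analysed archive against the per-file digests
and scores in the sandbox report. Added example, not the report's own tooling."""
import hashlib
import os
import tempfile

# Per-file SHA256 and sandbox score, copied from the Targets section of the report.
# Keyed by SHA256 so a differently named extraction root still matches.
REPORT_BY_SHA256 = {
    "4612075ef8906f61761f04f41fa3f2a3c0fc92c67339572f399a3a15ac1d600f": ("FiveM.exe", 6),
    "3bb5edb9d78c078beb3bbb4595b25ab31d7429d2a1fc3a326e4dad46766d6646": ("block-telemetry.ps1", 8),
    "b8bd3cb0707b254046435e3351ae9331b6a3b28de1e90ce14a9dd1a3d57b8bdf": ("disable-services.ps1", 1),
    "27365de295c362797d14cc90311549f5d67f8a76dc981e374648ac51752017b0": ("disable-windows-defender.ps1", 10),
    "deec5afd8d537d8744fe8c0c919e53aa32bcf2ba28e60cba03fad2b83a60c506": ("experimental_unfuckery.ps1", 7),
    "a8e2f1195867da78f0e99d3faf067e773c297ef8e3053344cdf4fcce8b8ca202": ("fix-privacy-settings.ps1", 1),
    "f1e31fed70ab2e1104d3f96dd5932dea8f8f380333287b5a6e71bca2654520bc": ("optimize-user-interface.ps1", 10),
    "9c0471f84ca06dcd0b0822e56626f6e8bcf9b0452cc462482e9b39d30bfa873e": ("optimize-windows-update.ps1", 8),
    "7aa196984b016d2122142bbe18341ee23c94b758ce78f32d1765011ae24517fd": ("remove-default-apps.ps1", 7),
    "861391286bc21b91fe404a6d5ed3cb36838daa37d99879d38c97e2c4d7c4b9b8": ("remove-onedrive.ps1", 8),
    "a6db677174d9a427e5582db26ec71be1372b3467faca91ff2e082f48ece0db30": ("boot-advanced-startup.bat", 1),
    "d2997eabf5f11407c5c2312a1e7c2a4d785a9ad0db9a84cedd3fd78864f008df": ("disable-ShellExperienceHost.bat", 1),
    "e6195eb532cc9b0fa458228d6c62b727f31a80426d90c8a98c06c3bbabadff75": ("disable-memory-compression.ps1", 1),
    "750499c4e7ef6eb69e1f6472d74dda0e63dea64cb707d1888ecf3c550950ade7": ("disable-prefetch-prelaunch.ps1", 1),
    "596de0bf90b9107738707e92136d7264321f0a6a106575ea2a249fcfcd35c82b": ("disable-scheduled-tasks.ps1", 1),
    "673542ef9c8a18f63af3ca41024bc7fba7a163f4b88b7ec4f7d1969dc2be3753": ("disable-searchUI.bat", 1),
}

DIGEST_NAMES = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of a byte string, hex encoded, as the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_NAMES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """The same three digests for a file, streamed so large archives need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in DIGEST_NAMES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_tree(root: str, report: dict, alert_at: int = 8) -> list:
    """Walk an extraction directory and classify every file against the report table.

    status 'match'  : the file's SHA256 appears in the report (report name and score attached)
    status 'unknown': the file is not in the report, so this analysis did not cover it
    alert is True for matched files whose sandbox score is at or above alert_at.
    """
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            sha256 = hash_file(full)["sha256"]
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entry = report.get(sha256)
            if entry is None:
                results.append({"relpath": rel, "sha256": sha256, "status": "unknown",
                                "report_name": None, "score": None, "alert": False})
            else:
                report_name, score = entry
                results.append({"relpath": rel, "sha256": sha256, "status": "match",
                                "report_name": report_name, "score": score,
                                "alert": score >= alert_at})
    return results


def build_demo_tree() -> tuple:
    """Constructed input for a stand-alone run: a temp directory with two invented files,
    plus a table that adds one invented entry (scored 10) to the report's real digests.
    Nothing written here comes from the analysed pack."""
    root = tempfile.mkdtemp(prefix="optipack-demo-")
    known = b"Write-Host 'constructed sample, not from the pack'\r\n"
    with open(os.path.join(root, "constructed.ps1"), "wb") as fh:
        fh.write(known)
    with open(os.path.join(root, "unrelated.txt"), "wb") as fh:
        fh.write(b"readme text that the sandbox never saw\n")
    table = dict(REPORT_BY_SHA256)
    table[digests(known)["sha256"]] = ("constructed.ps1", 10)
    return root, table


if __name__ == "__main__":
    demo_root, demo_table = build_demo_tree()
    for r in verify_tree(demo_root, demo_table):
        flag = "ALERT" if r["alert"] else "     "
        print(f"{flag} {r['status']:7} {r['relpath']:18} {r['sha256'][:16]}... "
              f"{r['report_name']} score={r['score']}")
```

Against a real extraction, call `verify_tree(path_to_extracted_dir, REPORT_BY_SHA256)`. A file reported as `unknown` is one the sandbox never analysed and needs its own look; a `match` with `alert` set is one this report scored 8 or higher, which here means the Defender, user-interface, Windows Update, telemetry and OneDrive scripts.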

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
6/10

behavioral3

Score
8/10

behavioral4

Score
8/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

evasion
Score
10/10

behavioral8

Score
1/10

behavioral9

Score
4/10

behavioral10

Score
7/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

evasion
Score
10/10

behavioral14

evasion
Score
10/10

behavioral15

discovery, exploit
Score
8/10

behavioral16

discovery, exploit
Score
8/10

behavioral17

Score
1/10

behavioral18

Score
7/10

behavioral19

persistence
Score
8/10

behavioral20

persistence
Score
8/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10