Overview

overview

8

Static

static

1

removeedge.bat

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    removeedge.bat

  • Size

    2KB

  • Sample

    240414-mrtrgaah9s

  • MD5

    5f51dfbc9b44b2d5f0d55699686a891b

  • SHA1

    acfd75219ff08f9e96c45d2022ae4d9a59e89d77

  • SHA256

    a910f47d7c5ce1f4dc1b09dbb3bcdd878d97acc2f3755e25ffa6ae64cc8771d7

  • SHA512

    1b2d1f7879b02c1aa23795f9bbee1b2b60f3730e016ada76c39d3d5df6423d584040bf8adb408928a4e801ceb540dbc6e308d6e0f50e69e829eed45dec44d557

Score
8/10
discoveryexploitpersistence

Malware Config

Targets

    • Target

      removeedge.bat

    • Size

      2KB

    • MD5

      5f51dfbc9b44b2d5f0d55699686a891b

    • SHA1

      acfd75219ff08f9e96c45d2022ae4d9a59e89d77

    • SHA256

      a910f47d7c5ce1f4dc1b09dbb3bcdd878d97acc2f3755e25ffa6ae64cc8771d7

    • SHA512

      1b2d1f7879b02c1aa23795f9bbee1b2b60f3730e016ada76c39d3d5df6423d584040bf8adb408928a4e801ceb540dbc6e308d6e0f50e69e829eed45dec44d557

    Score
    8/10
    discoveryexploitpersistence

    • Modifies Installed Components in the registry

      persistence

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks