Overview

overview

10

Static

static

1

runasadmin.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    runasadmin.bat

  • Size

    1KB

  • Sample

    240522-wamq9sag3x

  • MD5

    8c6d25434d4d9d6c230a727a90b3e111

  • SHA1

    bb21e80767f6c2f6fcc382eeb0c67afc7294dae9

  • SHA256

    61d3ded7796d8e1e237a9d5b29dfa3c85bd8a7b0851158683b7182c8693efc5f

  • SHA512

    a9f81718046624aaf8c391e390dba81250f6c346e9aec4e929ca6a60eaecac5928ec961df91b2c520fa99b50481b8310192d8576cf1e20cb0d4129b8aadc194c

Score
10/10
discoveryevasionexecutionexploit

Malware Config

Targets

    • Target

      runasadmin.bat

    • Size

      1KB

    • MD5

      8c6d25434d4d9d6c230a727a90b3e111

    • SHA1

      bb21e80767f6c2f6fcc382eeb0c67afc7294dae9

    • SHA256

      61d3ded7796d8e1e237a9d5b29dfa3c85bd8a7b0851158683b7182c8693efc5f

    • SHA512

      a9f81718046624aaf8c391e390dba81250f6c346e9aec4e929ca6a60eaecac5928ec961df91b2c520fa99b50481b8310192d8576cf1e20cb0d4129b8aadc194c

    Score
    10/10
    discoveryevasionexecutionexploit
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks