f7d324eec5fc6cec83bdafd21c65e6909d847c7ea40091b87243bfd5c2c0f549 | Triage

Sharing

General

Target

runasadmin.bat
Size

1KB
Sample

240522-wntfzabc59
MD5

27385fc8820b394db863c320f3bb48f2
SHA1

5c231e5d149ff97d8d435ef9442a41a94eecf716
SHA256

f7d324eec5fc6cec83bdafd21c65e6909d847c7ea40091b87243bfd5c2c0f549
SHA512

66133441896602787b60e604962f181f06171d101765da80813a952636f245ace68d51971709f783749ee4f41ef9860912de82f5d87485c278635f6f82a802c0

Score

10^/10

discovery evasion execution exploit

Malware Config

Targets

- Target
  
  runasadmin.bat
- Size
  
  1KB
- MD5
  
  27385fc8820b394db863c320f3bb48f2
- SHA1
  
  5c231e5d149ff97d8d435ef9442a41a94eecf716
- SHA256
  
  f7d324eec5fc6cec83bdafd21c65e6909d847c7ea40091b87243bfd5c2c0f549
- SHA512
  
  66133441896602787b60e604962f181f06171d101765da80813a952636f245ace68d51971709f783749ee4f41ef9860912de82f5d87485c278635f6f82a802c0
Score

10^/10

discovery evasion execution exploit
- Disables service(s)
  evasion execution
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexecutionexploit