85c26e3f2b78fb7d4ddfba93247f5ad3543e16182380953bda0f44ed2ddec858 | Triage

Submit
Reports

Overview

overview

Static

static

1

Oneclick-V6.1.bat

windows10-1703-x64

Sharing

General

Target

Oneclick-V6.1.bat
Size

192KB
Sample

240525-kedhlsbh37
MD5

6f3a6efba11c88a4055c583a5b11a3f8
SHA1

baefa7ba870bd2fecf98f03e3755aa947d4d9bb4
SHA256

85c26e3f2b78fb7d4ddfba93247f5ad3543e16182380953bda0f44ed2ddec858
SHA512

d832e8cb82170061cd1ce8b7e55640917d6a28a4c07e20432107c80df4dbac4848cb691fdeafa215e3877b326f49ba42c8d5deba38de34a515419fb00bde4ee7
SSDEEP

1536:pSPKdigMQgPTjIV4BwnywV9UKc+iVX4z6YtW0BZJDk4Jt9:lNPmWXJt9

Score

10^/10

discovery evasion execution exploit persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Oneclick-V6.1.bat

Resource

win10-20240404-en

discovery evasion execution exploit persistence ransomware trojan

windows10-1703-x64

34 signatures

150 seconds

Malware Config

Targets

- Target
  
  Oneclick-V6.1.bat
- Size
  
  192KB
- MD5
  
  6f3a6efba11c88a4055c583a5b11a3f8
- SHA1
  
  baefa7ba870bd2fecf98f03e3755aa947d4d9bb4
- SHA256
  
  85c26e3f2b78fb7d4ddfba93247f5ad3543e16182380953bda0f44ed2ddec858
- SHA512
  
  d832e8cb82170061cd1ce8b7e55640917d6a28a4c07e20432107c80df4dbac4848cb691fdeafa215e3877b326f49ba42c8d5deba38de34a515419fb00bde4ee7
- SSDEEP
  
  1536:pSPKdigMQgPTjIV4BwnywV9UKc+iVX4z6YtW0BZJDk4Jt9:lNPmWXJt9
Score

10^/10

discovery evasion execution exploit persistence ransomware trojan
- Disables service(s)
  evasion execution
- Modifies security service
  evasion
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion execution
- Modifies file permissions
  discovery
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexecutionexploitpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy