Overview

overview

8

Static

static

1

ADZP 20 Complex.cmd

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ADZP 20 Complex.cmd

  • Size

    10KB

  • Sample

    240706-3cel1axanm

  • MD5

    17be1f1ea6fcfffcf7f20b7d714eeedf

  • SHA1

    c123a18e0f0cef6f74bf1847bd04350a2e5d1682

  • SHA256

    b685019dd9e6f3b57eaae044000fd711ea86581c9576160bb190571496b5862a

  • SHA512

    c657a0cfc561e4360a065077eb372db3000ceea1848af2d4c8fe73270f8673710f532a19ed7d2bddd54d9ef0efdd925afda49c12c883e5ccc8b8e3b469708308

  • SSDEEP

    192:88fvn9rD7rYVTiuIxhoAtpYAjDj8+3Y8dFLwJWap3ahzKc7jF4kuWSZBxAp:B9TEJWo3yzK6

Score
8/10
defense_evasiondiscoveryevasionexecutionexploitpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      ADZP 20 Complex.cmd

    • Size

      10KB

    • MD5

      17be1f1ea6fcfffcf7f20b7d714eeedf

    • SHA1

      c123a18e0f0cef6f74bf1847bd04350a2e5d1682

    • SHA256

      b685019dd9e6f3b57eaae044000fd711ea86581c9576160bb190571496b5862a

    • SHA512

      c657a0cfc561e4360a065077eb372db3000ceea1848af2d4c8fe73270f8673710f532a19ed7d2bddd54d9ef0efdd925afda49c12c883e5ccc8b8e3b469708308

    • SSDEEP

      192:88fvn9rD7rYVTiuIxhoAtpYAjDj8+3Y8dFLwJWap3ahzKc7jF4kuWSZBxAp:B9TEJWo3yzK6

    Score
    8/10
    defense_evasiondiscoveryevasionexecutionexploitpersistenceprivilege_escalation

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Modifies boot configuration data using bcdedit

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

File and Directory Permissions Modification

2
T1222

Windows File and Directory Permissions Modification

1
T1222.001

Modify Registry

1
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks