General
Target: z3NOVOPEDIDODECOMPRA.exe
Size: 3.3MB
Sample: 240716-nkz6cashme
MD5: 7287e41cfb376388b55cee149649dc13
SHA1: aa0adb1fbb53c641b496576510325cb472b7a1b8
SHA256: b77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e
SHA512: c571791c162ceeb62538216bcf1de7275e0d1c0fffe3bd325305937779e242fa00cb88d950b81d1a040143521955eae1095ab211690947ec07e909266bce485c
SSDEEP: 12288:9c9QpR49c/s5W3BlGIv83x8Er1+1/zGGtqN0tEVprKZCM/xNIc11qbb:a6VseFk3xZrI6tNfT2ZCM/xNIcCbb
Static task: static1
Behavioral task: behavioral1 (sample z3NOVOPEDIDODECOMPRA.exe, resource win7-20240704-en)
Behavioral task: behavioral2 (sample z3NOVOPEDIDODECOMPRA.exe, resource win10v2004-20240709-en)
Malware Config
Targets
Target: z3NOVOPEDIDODECOMPRA.exe
Size: 3.3MB
MD5: 7287e41cfb376388b55cee149649dc13
SHA1: aa0adb1fbb53c641b496576510325cb472b7a1b8
SHA256: b77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e
SHA512: c571791c162ceeb62538216bcf1de7275e0d1c0fffe3bd325305937779e242fa00cb88d950b81d1a040143521955eae1095ab211690947ec07e909266bce485c
SSDEEP: 12288:9c9QpR49c/s5W3BlGIv83x8Er1+1/zGGtqN0tEVprKZCM/xNIc11qbb:a6VseFk3xZrI6tNfT2ZCM/xNIcCbb
Score: 10/10

- Adds policy Run key to start application
Writes a startup entry under a Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run key, which Windows honours like the ordinary Run key but which some autorun tooling overlooks.
- Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
Writes a startup entry under a Software\Microsoft\Windows\CurrentVersion\Run key.
- Suspicious use of SetThreadContext
Rewrites the context of a thread, typically the main thread of a suspended child process, the pattern associated with process hollowing and similar injection.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548), 1 matching signature: Bypass User Account Control (T1548.002), 1 matching signature
- Boot or Logon Autostart Execution (T1547), 2 matching signatures: Registry Run Keys / Startup Folder (T1547.001), 2 matching signatures
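As an added illustration (not code from the sandbox, the report, or the sample), the following Python turns the signatures above into detection logic and runs it over constructed sandbox-style events. The event schema, process IDs, file paths and the persistence value name are assumptions; only the SHA256 is taken from this report. The ATT&CK mapping in the block is mine and goes beyond the two techniques the report lists (it also assigns T1059.001, T1562.001, T1614 and T1055).

```python
"""Detection logic for the behaviours this report flags, run over
constructed sandbox-style events. Added illustration; the event schema
and every value except REPORT_SHA256 are assumptions."""
import re

# Only the SHA256 comes from the report; everything else below is constructed.
REPORT_SHA256 = "b77792487c03ffa2343cc4406834d7b3246608635d70b9bbcb43bfd6d48abb3e"

# HK*\Software\Microsoft\Windows\CurrentVersion\Run and ...\Policies\Explorer\Run
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Policies\\Explorer\\)?Run(Once)?$",
    re.IGNORECASE)
MP_PREF_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_RE = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.IGNORECASE)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# ATT&CK Enterprise IDs per signature (my mapping, broader than the report's).
ATTACK = {
    "Adds policy Run key to start application": ("T1547.001",),
    "Adds Run key to start application": ("T1547.001",),
    "Command and Scripting Interpreter: PowerShell": ("T1059.001", "T1562.001"),
    "Checks computer location settings": ("T1614",),
    "Suspicious use of SetThreadContext": ("T1055",),
}


def run_key_kind(event):
    """'policy_run_key' / 'run_key' for a value set under a Run key, else None."""
    if event["type"] != "registry_set":
        return None
    m = RUN_KEY_RE.search(event["key"])
    if not m:
        return None
    return "policy_run_key" if m.group(1) else "run_key"


def defender_exclusions(event):
    """Exclusion kinds ({'path','extension','process'}) added via PowerShell."""
    if event["type"] != "process_create":
        return set()
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return set()
    cmd = event["cmdline"]
    if not MP_PREF_RE.search(cmd):
        return set()
    return {m.group(1).lower() for m in EXCLUSION_RE.finditer(cmd)}


def is_geofence_lookup(event):
    """Read of the configured country code under HKCU ...\\Geo\\Nation."""
    return event["type"] == "registry_query" and bool(GEO_RE.search(event["key"]))


def is_cross_process_thread_context(event):
    """SetThreadContext on a thread owned by another process (hollowing pattern)."""
    return (event["type"] == "api_call" and event["api"] == "SetThreadContext"
            and event.get("target_pid") not in (None, event["pid"]))


def evaluate(events):
    """Return the set of report-style signature names matched by the events."""
    hits = set()
    for e in events:
        if e.get("sha256") == REPORT_SHA256:
            hits.add("Matches report SHA256")
        kind = run_key_kind(e)
        if kind == "policy_run_key":
            hits.add("Adds policy Run key to start application")
        elif kind == "run_key":
            hits.add("Adds Run key to start application")
        if defender_exclusions(e):
            hits.add("Command and Scripting Interpreter: PowerShell")
        if is_geofence_lookup(e):
            hits.add("Checks computer location settings")
        if is_cross_process_thread_context(e):
            hits.add("Suspicious use of SetThreadContext")
    return hits


def attack_techniques(hits):
    """Sorted ATT&CK technique IDs for the matched signatures."""
    return sorted({t for h in hits for t in ATTACK.get(h, ())})


# Constructed events (pids, paths and the 'updater' value name are made up).
EVENTS = [
    {"type": "process_create", "pid": 1200, "sha256": REPORT_SHA256,
     "image": r"C:\Users\user\Desktop\z3NOVOPEDIDODECOMPRA.exe",
     "cmdline": "z3NOVOPEDIDODECOMPRA.exe"},
    {"type": "process_create", "pid": 1300, "ppid": 1200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -NoProfile -Command "Add-MpPreference '
                r'-ExclusionPath C:\Users\user\AppData -ExclusionExtension exe '
                r'-ExclusionProcess z3NOVOPEDIDODECOMPRA.exe"'},
    {"type": "registry_query", "pid": 1200,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_set", "pid": 1200, "value": "updater",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "data": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "registry_set", "pid": 1200, "value": "updater",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "api_call", "pid": 1200, "api": "SetThreadContext", "target_pid": 1400},
]

if __name__ == "__main__":
    matched = evaluate(EVENTS)
    for name in sorted(matched):
        print(name, ATTACK.get(name, ()))
    print("ATT&CK:", ", ".join(attack_techniques(matched)))
```

The Run-key matcher deliberately accepts both the Policies\Explorer\Run and the plain Run locations, since the report counts them as two separate signatures under the same ATT&CK technique; the Defender check keys on the cmdlet name rather than on a specific path so that it also catches exclusions for paths and processes the sample did not use here.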