TEMP[.]bat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TEMP.bat
Size

5KB
MD5

dee763bb1b5aeb097297a3740028fe40
SHA1

92208a47dc0f0691528415e7bb816b5e1da2ed65
SHA256

91700c2e9e1ea5fdf9571deec624d14bf7922cf906c04a0a757e246af8ead497
SHA512

1249f9f22b850af12e9f879085b065dadbe251dcc60bf5ee02ad2c347f4420a147a659689034b48a0a8fdf4b28ff6647cc2845bde36ea6a148d5ee138a74d21d
SSDEEP

96:GnspmPEJKss4QxPfDxr0NikJ7i6BXf99+cCE7NowBd/4wNIFoiIFozI1mU1t:zp4EJvs4QxfDWIkJeE19+cCE7CwB5sFO

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Files

TEMP.bat
.bat .ps1