Overview

overview

8

Static

static

1

KMS_VL_ALL_AIO.cmd

windows7-x64

8

KMS_VL_ALL_AIO.cmd

windows10-2004-x64

8

Resubmissions

25/07/2024, 13:21

240725-ql2fxatemf 8

25/07/2024, 13:17

240725-qjq76azhrl 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KMS_VL_ALL_AIO.cmd

  • Size

    305KB

  • Sample

    240725-qjq76azhrl

  • MD5

    33f59b72aaa2d7257384f15e5fd9a536

  • SHA1

    f2b980813fc36e39bfa45e14bf87ec18368a3cf4

  • SHA256

    9a1ceb9bf93c1a7c920105b55755ea8d773f24989a0a0179d5d9f5a891e9d37a

  • SHA512

    f71e0a7da3f4d4d41519be05eb5e3aaa18e6502087c2f30351c7498a297493945a4d63010912edc6ba62f3a0a211419b62cce1a2e51a9e3628f34392d6a630fc

  • SSDEEP

    6144:YTJ9JzFmdIc8dGT6SLCc6Ekr6gIeQ6TsHjcqBD+N8H5:yJ9JzoIcfN6EkrzISTsHAqN26

Score
8/10
defense_evasionexecutionpersistence

Malware Config

Targets

    • Target

      KMS_VL_ALL_AIO.cmd

    • Size

      305KB

    • MD5

      33f59b72aaa2d7257384f15e5fd9a536

    • SHA1

      f2b980813fc36e39bfa45e14bf87ec18368a3cf4

    • SHA256

      9a1ceb9bf93c1a7c920105b55755ea8d773f24989a0a0179d5d9f5a891e9d37a

    • SHA512

      f71e0a7da3f4d4d41519be05eb5e3aaa18e6502087c2f30351c7498a297493945a4d63010912edc6ba62f3a0a211419b62cce1a2e51a9e3628f34392d6a630fc

    • SSDEEP

      6144:YTJ9JzFmdIc8dGT6SLCc6Ekr6gIeQ6TsHjcqBD+N8H5:yJ9JzoIcfN6EkrzISTsHAqN26

    Score
    8/10
    defense_evasionexecutionpersistence

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks