a32ac8894917da3ea40a4b544b7d0e67b0aaec406589ad0060bfacfbb8099b63 | Triage

Sharing

General

Target

priv pallet lock.bat
Size

5KB
Sample

240727-hbhl2ssbqk
MD5

28aa4fdc961537cbe5f1049512b2f5e2
SHA1

e14dafcfa5eeee6809df73d92c376da9f16c0464
SHA256

a32ac8894917da3ea40a4b544b7d0e67b0aaec406589ad0060bfacfbb8099b63
SHA512

70bfced1aa6327cbd90214ad0d40870b4870f45db1a0dee4a30ffdddd48448477432f9733bca9eae5536b3ba551e2f82bc9b99d60dae526776633684debb4270
SSDEEP

96:BhHJjdoSELCunlubho+A+FQTYtfbs5xeq3:BhHNunlubho+A+FQTM4xeq3

Score

7^/10

defense_evasion discovery execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  priv pallet lock.bat
- Size
  
  5KB
- MD5
  
  28aa4fdc961537cbe5f1049512b2f5e2
- SHA1
  
  e14dafcfa5eeee6809df73d92c376da9f16c0464
- SHA256
  
  a32ac8894917da3ea40a4b544b7d0e67b0aaec406589ad0060bfacfbb8099b63
- SHA512
  
  70bfced1aa6327cbd90214ad0d40870b4870f45db1a0dee4a30ffdddd48448477432f9733bca9eae5536b3ba551e2f82bc9b99d60dae526776633684debb4270
- SSDEEP
  
  96:BhHJjdoSELCunlubho+A+FQTYtfbs5xeq3:BhHNunlubho+A+FQTM4xeq3
Score

7^/10

defense_evasion discovery execution persistence privilege_escalation
- Indirect Command Execution
  Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Power Settings

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Hide Artifacts

Ignore Process Interrupts

Indicator Removal

File Deletion

Indirect Command Execution

Credential Access

Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalation