General
-
Target
s32del.bat
-
Size
606B
-
Sample
240818-yzxzmsvfml
-
MD5
ccd3db2fa5f6a049694180b25412cb45
-
SHA1
80b77841add6f515db012c9b88259e7e6fe6e3f6
-
SHA256
e8558fe2ccae8aea962d0bbbdc26289b27b4b5899e93dc4b01347d9f206eb5d8
-
SHA512
eb5f0f28e3641ddc784c85a6e8d978efa89693513473d4c6b6f2366a266f2fb5ef750efdb698c44b744c6b99cbc59af0c98957dbcf94b56b6f02dc62ec4545de
Static task
static1
Behavioral task
behavioral1
Sample
s32del.bat
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
s32del.bat
Score
8/10
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-