Overview

overview

10

Static

static

1

text.bat

windows7-x64

10

text.bat

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    text.bat

  • Size

    4KB

  • Sample

    240819-zknm4aygjl

  • MD5

    f9dd0405a05bf4a0168efc36dac9590c

  • SHA1

    a45d7de98c991833e636ebb9f91cb0993c4ceb19

  • SHA256

    e17b2cb2d9f860b52062b70cb26279b25a66a16d54613479137092e6b0b7106b

  • SHA512

    0509f1bba839b96e88225eac41a15294cd2127bb6624ca93e966b903765d05574772adbed2fcf9efb94b9934d041c0bccad07f41ed848a0ade87b790b421806f

  • SSDEEP

    96:1E0EKXa0Xnq72gvXkkHPUYuvwQIVu6SAIXtiuBdwYAvhsQ1HMgNWLs0I26q:p767Hf1fSN0MdwYAZsSnasx2H

Score
10/10
discoveryevasionexecutionransomware

Malware Config

Targets

    • Target

      text.bat

    • Size

      4KB

    • MD5

      f9dd0405a05bf4a0168efc36dac9590c

    • SHA1

      a45d7de98c991833e636ebb9f91cb0993c4ceb19

    • SHA256

      e17b2cb2d9f860b52062b70cb26279b25a66a16d54613479137092e6b0b7106b

    • SHA512

      0509f1bba839b96e88225eac41a15294cd2127bb6624ca93e966b903765d05574772adbed2fcf9efb94b9934d041c0bccad07f41ed848a0ade87b790b421806f

    • SSDEEP

      96:1E0EKXa0Xnq72gvXkkHPUYuvwQIVu6SAIXtiuBdwYAvhsQ1HMgNWLs0I26q:p767Hf1fSN0MdwYAZsSnasx2H

    Score
    10/10
    discoveryevasionexecutionransomware

    • Disables service(s)

      evasionexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Stops running service(s)

      evasionexecution

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Enumerates processes with tasklist

      discovery

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks