General

  • Target

    penis.bat

  • Size

    211B

  • Sample

    240829-weg2kstcnd

  • MD5

    2c7b4b9e981962a2865f0b402fcbf099

  • SHA1

    2836b4f798cdc6a4919cd8f915bda2d71f8423e9

  • SHA256

    87093db0124c0b77b6c8c538684a2471266297abef18ec612c2bd5dd2a4edbda

  • SHA512

    7356ecdc1b667bbfe8637d05d116e3c9a41648aa53527a84f1e4db455ea8a79774bc3c3232cfbf095fff6b00d90cfd8aab6f23d0f00543d0aca9938ea77316cb

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks