hxxps://ufile[.]io/mhnszhl8 | Triage

Resubmissions

01-09-2024 19:54

240901-ymwaaazfjm 8

01-09-2024 19:51

240901-ykybvs1bma 5

Sharing

General

Target

https://ufile.io/mhnszhl8
Sample

240901-ymwaaazfjm

Score

8^/10

defense_evasion discovery evasion execution persistence

Malware Config

Targets

- Target
  
  https://ufile.io/mhnszhl8
Score

8^/10

defense_evasion discovery evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

urlscan1

behavioral1

defense_evasiondiscoveryevasionexecutionpersistence