General
-
Target
https://cdn.discordapp.com/attachments/1231953046066434059/1286827863730950155/PC_ZONE_FREE_UTILITY_V1.rar?ex=66ef5356&is=66ee01d6&hm=c72d04dfe9d39cc42f8a70421f0acb4cc9d255d4e03b94f134c0a34ca6e13c1f&
-
Sample
240920-28bpjsterp
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1231953046066434059/1286827863730950155/PC_ZONE_FREE_UTILITY_V1.rar?ex=66ef5356&is=66ee01d6&hm=c72d04dfe9d39cc42f8a70421f0acb4cc9d255d4e03b94f134c0a34ca6e13c1f&
Score10/10-
Disables service(s)
-
Modifies boot configuration data using bcdedit
-
Event Triggered Execution: Image File Execution Options Injection
-
Stops running service(s)
-
Executes dropped EXE
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Image File Execution Options Injection
1Power Settings
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Hide Artifacts
1Ignore Process Interrupts
1Impair Defenses
2Disable or Modify Tools
1Indicator Removal
2Clear Persistence
1File Deletion
1Modify Registry
2