Overview

overview

10

Static

static

10

menace_tool.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    menace_tool.exe

  • Size

    25.0MB

  • Sample

    240930-d62wyswdjp

  • MD5

    bc5612052b3f70790e09230ea7a02b74

  • SHA1

    2960ad9c964e9d2042229461c5e24719dc48e90e

  • SHA256

    bc7a70838b0d07d8eb533a523d40803eedc754538385c91a37aee0e20d1d3601

  • SHA512

    a0a08e5ff44a61bc4871e54361041cd693db43dcb779d21b73f79f0a43b7b2708388b4bb6388969d6ff854ce181987c7dfa253e7ef4b638f63bd6c6a49367a9a

  • SSDEEP

    196608:FGFcCaeN/FJMIDJf/gsAGKVrl1RmvXoY5:fe/Fqyf/gsa9mvYY5

Score
10/10
blankgrabberdiscoveryevasionexecutionupx

Malware Config

Targets

    • Target

      menace_tool.exe

    • Size

      25.0MB

    • MD5

      bc5612052b3f70790e09230ea7a02b74

    • SHA1

      2960ad9c964e9d2042229461c5e24719dc48e90e

    • SHA256

      bc7a70838b0d07d8eb533a523d40803eedc754538385c91a37aee0e20d1d3601

    • SHA512

      a0a08e5ff44a61bc4871e54361041cd693db43dcb779d21b73f79f0a43b7b2708388b4bb6388969d6ff854ce181987c7dfa253e7ef4b638f63bd6c6a49367a9a

    • SSDEEP

      196608:FGFcCaeN/FJMIDJf/gsAGKVrl1RmvXoY5:fe/Fqyf/gsa9mvYY5

    Score
    10/10
    discoveryevasionexecutionupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks