General

  • Target

    https://transactcampus-my.sharepoint.com/:u:/p/jermaine_moore/EQbfFMyPxglIh3K27rqw79UB54icqYO6Gbq92vFUX91rZQ?e=nXkXAx

  • Sample

    240930-khc19avgrl

Malware Config

Targets

    • Target

      https://transactcampus-my.sharepoint.com/:u:/p/jermaine_moore/EQbfFMyPxglIh3K27rqw79UB54icqYO6Gbq92vFUX91rZQ?e=nXkXAx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Network Share Discovery

      Attempt to gather information on host network.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks