Resubmissions

30-09-2024 12:56

240930-p6fjhazhrc 10

General

  • Target

    ULTIMAETWEAKS.bat

  • Size

    330KB

  • Sample

    240930-p6fjhazhrc

  • MD5

    bc37eb910116669d003e217c0b6cb36e

  • SHA1

    317f3f8b73cb6cf8b424fecfa7b8a9ec326bb7c5

  • SHA256

    f1c360f996f5febc682d56d849b369f9a9fee8d6402c2a75e8de24322ec39441

  • SHA512

    4ea6a77405ff623e2a97c5ac5a15cf863bac7677787ceeba6a048aefe7928de0a2b1ab4c4d66bce0797db06100793ed18a16ac79febe9f86fa0558b3bb79de5d

  • SSDEEP

    1536:VUkO7+Ym+bChbCFACzAC3rbwP+yVd+ipHD/EEUmjNG0H0QcFlV4S0v:87zbmbkAqAyhiV7EElcFlV4S0v

Malware Config

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Disables taskbar notifications via registry modification

    • Possible privilege escalation attempt

    • Server Software Component: Terminal Services DLL

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks