General
Target: spoof.zip
Size: 565KB
Sample: 240930-r1j1vazhrm
MD5: 135bfcd7aaeeb3735f0c54b5f369dd8d
SHA1: 8f79cc33c22469bdf1305c7e139772dda8c0bb98
SHA256: ad28a59e2234cee44a0eee96aff1c7a71054a40734d289fe0d436e79247ad6d3
SHA512: 8df5ac25479ffdf60309f95a69078ea249b8c6efc34f5a80a6daa06f9e391a490c7c63ebc9dffb8f6fa121a2293b317b94674b34ee22c079090aecfb8eeb769a
SSDEEP: 12288:Cq0wZ837dYRzxko5wLJXOKfegCEkwg+al7+fzohptnT1cby21fX:x0fLdYDyLJXN2gCEV2KfzAnBcby2JX
Static task: static1
Behavioral task: behavioral1 (Sample: spoof.zip; Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: spoof.zip; Resource: win10v2004-20240802-en)
Malware Config
Targets
Target: spoof.zip
Size: 565KB
MD5: 135bfcd7aaeeb3735f0c54b5f369dd8d
SHA1: 8f79cc33c22469bdf1305c7e139772dda8c0bb98
SHA256: ad28a59e2234cee44a0eee96aff1c7a71054a40734d289fe0d436e79247ad6d3
SHA512: 8df5ac25479ffdf60309f95a69078ea249b8c6efc34f5a80a6daa06f9e391a490c7c63ebc9dffb8f6fa121a2293b317b94674b34ee22c079090aecfb8eeb769a
SSDEEP: 12288:Cq0wZ837dYRzxko5wLJXOKfegCEkwg+al7+fzohptnT1cby21fX:x0fLdYDyLJXN2gCEV2KfzAnBcby2JX
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Modifies boot configuration data using bcdedit
- Modify Registry: Disable Windows Driver Blocklist. Disables the Windows vulnerable driver blocklist via the registry.
- Possible privilege escalation attempt
- Modifies file permissions
- Power Settings. powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
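The signatures above all leave host-side artefacts that can be checked directly. The following PowerShell script is an added triage example, not part of the sandbox report and not the sample's code. It queries the documented Windows locations for each behaviour listed. The report does not say which values the sample actually wrote, so the "SUSPICIOUS" thresholds (blocklist value 0, recovery disabled in BCD, unsigned or world-writable recent files in System32, the ms-settings UAC-bypass key) are this example's assumptions about a default Windows 10 host, as is the 24-hour window and the English-locale bcdedit/powercfg output it parses. Run it elevated.

```powershell
# Added triage example (not from the report, not the sample's code). Checks a
# Windows host for the artefacts behind the report's signatures. Registry paths
# are the documented Windows locations; thresholds marked "assumption" are the
# example author's, because the report does not state which values were written.
# Assumes English-locale bcdedit/powercfg output and an elevated shell.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value or key absent -> $null
}

$results = New-Object System.Collections.Generic.List[object]
function Add-Result {
    param([string]$Check, $Value, [string]$Verdict)
    $results.Add([pscustomobject]@{ Check = $Check; Value = $Value; Verdict = $Verdict })
}

# 1. Explorer visibility (signatures: file extensions, hidden/system files).
#    HideFileExt=1 and Hidden=2 are Windows defaults, so the raw value proves
#    nothing on its own; compare against a pre-infection baseline.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
foreach ($n in 'HideFileExt', 'Hidden', 'ShowSuperHidden') {
    Add-Result "Explorer\Advanced\$n" (Get-RegValue $adv $n) 'Info (compare with baseline)'
}

# 2. Vulnerable driver blocklist (signature: Disable Windows Driver Blocklist).
#    VulnerableDriverBlocklistEnable=0 turns the Microsoft blocklist off.
$vdb = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' 'VulnerableDriverBlocklistEnable'
Add-Result 'VulnerableDriverBlocklistEnable' $vdb $(if ($vdb -eq 0) { 'SUSPICIOUS' } else { 'OK' })

# 3. Boot configuration (signature: modifies BCD using bcdedit). Which entries
#    the sample changed is not in the report; recovery disabled and
#    IgnoreAllFailures are the usual malware changes (assumption).
$bcd = (& bcdedit.exe /enum '{current}' 2>&1) -join "`n"
foreach ($pat in 'recoveryenabled\s+No', 'bootstatuspolicy\s+IgnoreAllFailures') {
    $hit = $bcd -match $pat
    Add-Result "bcd $pat" $hit $(if ($hit) { 'SUSPICIOUS' } else { 'OK' })
}

# 4. Power settings (signature: Power Settings). An AC idle index of 0x0 means
#    "never", i.e. the host will not sleep / blank the display.
foreach ($pair in @(@('SUB_SLEEP', 'STANDBYIDLE'), @('SUB_VIDEO', 'VIDEOIDLE'))) {
    $out = (& powercfg.exe /query SCHEME_CURRENT $pair[0] $pair[1] 2>&1) -join "`n"
    $ac  = [regex]::Match($out, 'Current AC Power Setting Index:\s*0x([0-9a-fA-F]+)').Groups[1].Value
    $never = $ac -and ([Convert]::ToInt32($ac, 16) -eq 0)
    Add-Result "powercfg $($pair[1]) AC index" $ac $(if ($never) { 'Info (never times out)' } else { 'OK' })
}

# 5. Wallpaper (signature: sets desktop wallpaper using registry).
$wp = Get-RegValue 'HKCU:\Control Panel\Desktop' 'Wallpaper'
$wpDefault = (-not $wp) -or ($wp -like "$env:SystemRoot\Web\*")
Add-Result 'Wallpaper path' $wp $(if ($wpDefault) { 'OK' } else { 'Info (non-default image, inspect file)' })

# 6. UAC bypass artefact (ATT&CK: Bypass User Account Control). The report does
#    not name the technique; this hijack key is a common one (assumption).
$uac = Test-Path 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'
Add-Result 'HKCU ms-settings\Shell\Open\command present' $uac $(if ($uac) { 'SUSPICIOUS' } else { 'OK' })

# 7. Recent files in System32, their Authenticode status and ACLs
#    (signatures: drops file in System32, modifies file permissions).
$since = (Get-Date).AddHours(-24)   # window is an assumption
Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object {
        $sig  = (Get-AuthenticodeSignature $_.FullName).Status
        $weak = (Get-Acl $_.FullName).Access | Where-Object {
            $_.IdentityReference -match 'Everyone|Users' -and
            $_.FileSystemRights -match 'FullControl|Modify' }
        $verdict = if ($sig -ne 'Valid' -or $weak) { 'SUSPICIOUS' } else { 'Info' }
        Add-Result "System32\$($_.Name)" "sig=$sig acl=$(if ($weak) { 'weak' } else { 'ok' })" $verdict
    }

$results | Format-Table -AutoSize
```

The Explorer values are reported rather than judged because their malicious state coincides with the Windows defaults; the useful signal there is a change relative to a known baseline, which a one-off query cannot show.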
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- File and Directory Permissions Modification (1)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (2)
  - Disable or Modify Tools (1)
- Modify Registry (5)