General
-
Target
4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9eN
-
Size
8.6MB
-
Sample
241006-qlsh1awclk
-
MD5
02ce76f0e3f059f1d527040a2a1d4be0
-
SHA1
52514341de8327bd65d8b333ecff025f639e4ac5
-
SHA256
4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9e
-
SHA512
9668643323493751f0021cc83ad222f422c77f12b0c0e214c18c245940d9e883a8edf8d28caeb8f1ee68ff043a181bfe0d5676a76d67ac128b8470cdfb5548be
-
SSDEEP
196608:zE0aFaUSCsXDjDyfadJolpPgToa10/MIGdFOnJ4H6U62jto4UKFTUy:QLFaHCEDjJ83a10YsQ7o4
Behavioral task
behavioral1
Sample
4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9eN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9eN.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9eN
-
Size
8.6MB
-
MD5
02ce76f0e3f059f1d527040a2a1d4be0
-
SHA1
52514341de8327bd65d8b333ecff025f639e4ac5
-
SHA256
4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9e
-
SHA512
9668643323493751f0021cc83ad222f422c77f12b0c0e214c18c245940d9e883a8edf8d28caeb8f1ee68ff043a181bfe0d5676a76d67ac128b8470cdfb5548be
-
SSDEEP
196608:zE0aFaUSCsXDjDyfadJolpPgToa10/MIGdFOnJ4H6U62jto4UKFTUy:QLFaHCEDjJ83a10YsQ7o4
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Loads dropped DLL
-
Modifies file permissions
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1