General
- Target: 69.exe
- Size: 2.4MB
- Sample: 241010-2mlydswbmn
- MD5: 165b9d15346eed1bd8da9780eb7ab4bf
- SHA1: a9895dca7b49cd345634809d03baa51d5078c639
- SHA256: 6606052fe50484563254b45f679dcbb9d42fff8ede7e8dba609e2760a5e0b3b7
- SHA512: b70d1ca87b71b2d0b9611e51e0a26e27b7d1a75072113965cbced770e3f46d9b7147225cb566ec06cac2921f8e4860faf882f96d2a866b2408dfacd4aaeecbf7
- SSDEEP: 49152:GpUlRhMQfcBROIbrGTPmbpzyLdKDfWLDooV9VwwzuDDFDdexGQw:GpUlBcjnpkwfkkS9V/YTAGj

Static task: static1

Malware Config
Targets
- Target: 69.exe, 2.4MB (same hashes as listed under General)
Signatures observed for this target:
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Executes dropped EXE
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- File and Directory Permissions Modification (1)
- Impair Defenses (2)
  - Disable or Modify Tools (1)
- Modify Registry (1)