Overview

overview

8

Static

static

3

parsec-win...1).exe

windows11-21h2-x64

8

$PLUGINSDI...ID.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

parsecd.exe

windows11-21h2-x64

1

pservice.exe

windows11-21h2-x64

1

skel/parse...5a.dll

windows11-21h2-x64

1

teams.exe

windows11-21h2-x64

1

vdd/parsec-vdd.exe

windows11-21h2-x64

8

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

driver/mm.dll

windows11-21h2-x64

1

nefconw.exe

windows11-21h2-x64

1

vddinstall.bat

windows11-21h2-x64

8

vdduninstall.bat

windows11-21h2-x64

4

vusb/parsec-vud.exe

windows11-21h2-x64

8

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...fo.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

nefconc.exe

windows11-21h2-x64

1

nefconw.exe

windows11-21h2-x64

1

parsecvirt...ds.sys

windows11-21h2-x64

1

parsecvusb...ba.sys

windows11-21h2-x64

1

vusbinstall.bat

windows11-21h2-x64

8

wscripts/f...dd.vbs

windows11-21h2-x64

1

wscripts/f...ve.vbs

windows11-21h2-x64

8

wscripts/l...up.vbs

windows11-21h2-x64

3

wscripts/s...ll.vbs

windows11-21h2-x64

8

wscripts/s...ec.vbs

windows11-21h2-x64

4

wscripts/s...ve.vbs

windows11-21h2-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    parsec-windows (1).exe

  • Size

    3.9MB

  • Sample

    241012-hyajystepm

  • MD5

    5be3333a5e6933a5e8977e85dc56f571

  • SHA1

    5fc2e86bea1b723948f1a2d83395109573f08b16

  • SHA256

    32ab1d25825f510b8be2bfd73a48d6539db914a9382726dd486be114f6ccae6e

  • SHA512

    6332fb8296b5d66bbedba535dd48dae351939643f705476a19de79f71aac05083913d75e11b8a9de953031c8224c2a638035fbfc434f249c8d7ae824ba2b78ed

  • SSDEEP

    98304:js+MQnPLeMNCvYaPhJTcYaxYEDzuWqbZJM3+:jsvyeMjguYax7z+bi+

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      parsec-windows (1).exe

    • Size

      3.9MB

    • MD5

      5be3333a5e6933a5e8977e85dc56f571

    • SHA1

      5fc2e86bea1b723948f1a2d83395109573f08b16

    • SHA256

      32ab1d25825f510b8be2bfd73a48d6539db914a9382726dd486be114f6ccae6e

    • SHA512

      6332fb8296b5d66bbedba535dd48dae351939643f705476a19de79f71aac05083913d75e11b8a9de953031c8224c2a638035fbfc434f249c8d7ae824ba2b78ed

    • SSDEEP

      98304:js+MQnPLeMNCvYaPhJTcYaxYEDzuWqbZJM3+:jsvyeMjguYax7z+bi+

    Score
    8/10
    discoveryevasionexecutionpersistenceprivilege_escalation
    behavioral1

    • Target

      $PLUGINSDIR/ApplicationID.dll

    • Size

      196KB

    • MD5

      a858c1a57e32485505b1977cf0a125be

    • SHA1

      25d86c4b51f7cc10fc70e3a0493a39c4460cc350

    • SHA256

      1462a072345e86318b981089b08b613a34027ddf527bfb66606c683f218fc3b4

    • SHA512

      32b597fc2412a9407fd12ac77c556ff9740f1dd0d2055426d11a7baf21b09c536a84cfb97865b4e94168656514e7ce71eb2bc4122aa340100f4ce483bad1722d

    • SSDEEP

      3072:2pBNN6AmU9cDlKd3P6V9nSm49WTgKg4Fa1V3FuXRAuAg0FubA9cVsL+73:2pzxmQ3yL+9MgKbxAOEXY

    Score
    3/10
    discovery
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral3

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    discovery
    behavioral4

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      675c4948e1efc929edcabfe67148eddd

    • SHA1

      f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

    • SHA256

      1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

    • SHA512

      61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

    • SSDEEP

      96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW

    Score
    3/10
    discovery
    behavioral5

    • Target

      parsecd.exe

    • Size

      454KB

    • MD5

      62beb668110b4c5ddad09bb20d921cb6

    • SHA1

      f3706372c01d1e607ff8c605307de6ef2c26c1a4

    • SHA256

      6f1be9e26e403a885cc3b1ff0e4dbecbc96c0821119d25990c3e211564f215d5

    • SHA512

      8994c3f1c78b0a816ecf30e463af8d6ddfd0a0ce7b962cbf13e9bbd360d37a024b8ee69c76745f4c332a4786dbfb9216667b1d03c32c60a7c06e85359a2186ee

    • SSDEEP

      6144:rkdyuNAbS9p400tm61bXdCwx+3y6kR1DnjvGms7X5od0:rkUuNAbS9p9cx1rdCwh6+/+msjmd0

    Score
    1/10
    behavioral6

    • Target

      pservice.exe

    • Size

      408KB

    • MD5

      46cd3fc327af9109bd143ba7f16df397

    • SHA1

      53d2a6bcf0d21168050b852e287c2ef62f52f909

    • SHA256

      5a699a165838c739e449ac19a52e0a05b841bcee1a27f7d348f0dd04c8e277a3

    • SHA512

      d6e35f0dd4f6ef259dd7040d80cd469f27eb460836a4c767d40678ce82b46ce4c38b329c0cf3b41236cea2f0333f94669cfbef05ef484d91035f52ad4c1a5ca3

    • SSDEEP

      6144:qaoZkv+B1x9heMY32Z4iZDzDJGjvGms7X5Hm:4Zkv+B1x9cMu2ZzS+msjZ

    Score
    1/10
    behavioral7

    • Target

      skel/parsecd-150-95a.dll

    • Size

      3.4MB

    • MD5

      e12b3a175af451d906f547027f0fa078

    • SHA1

      b08f783c7f6479a62c74433087e041a58af02ee4

    • SHA256

      e1c7498a58769c2d740d54895f04bf7e0926576583efee02b79239b5a0411b5c

    • SHA512

      6d595595f0413d1f9cbe380e8f3903b872a20d425eda47454aab3d05e4acd0c8ad24681b76f65bc00c7f71441ae62853b2ef636e98df1b605b16f5a4376a9dcd

    • SSDEEP

      49152:Ie2UZFSMiNx9Et0/y5aAWdMCChm0Np89SgvOM/ti7Ioo2v30ayYd5HClWkhKDoyg:IeX47Ml+aBEvZBlkAH3

    Score
    1/10
    behavioral8

    • Target

      teams.exe

    • Size

      342KB

    • MD5

      faa24223985abfbf64e4ddcd43f062d3

    • SHA1

      e1374dc7c98405efc5a44aa3229b97eabdd69bb2

    • SHA256

      6dc71b2e92b770dcfeca4a32c8f1787210311f731f1124754df193ec22d5d13e

    • SHA512

      23324afcb51508f5ea3f120a5787b150a8226d677c5a55fef219674b4d619fd0d7300d2b4cad917864d5f54788b9c8546db2a77aa4f0d666a956014169c4a6c9

    • SSDEEP

      6144:GAR9duE83BYjyEbU1SDgFg8EwkSdbAxD22y6jvGmp:H9gp3WjyEbU1SDAgJw40c+mp

    Score
    1/10
    behavioral9

    • Target

      vdd/parsec-vdd.exe

    • Size

      505KB

    • MD5

      4b9a3048286692a865187013b70f44e8

    • SHA1

      eefe91d9702314341acccd828fe4edb6ee570d7b

    • SHA256

      e23332448fdaf5aa017cb308db5ef6855fac526a7ded05d80c039404126d5362

    • SHA512

      a38b9a0a1626d9f40ff2c718717a793108c7e773b25493cc53c595e6b9840cc4de66587549f43ce00569b368834327184a90d55da3c4ae0e269e1d0edef6238d

    • SSDEEP

      12288:QbLQNEFqf6MouZQqdF9zuAkDjdCjXHSZz2AKhAOYYA:QbUNEFKXrZ6ZjdFZxKhAOYv

    Score
    8/10
    discovery

    • Drops file in Drivers directory

    • Drops file in System32 directory

    behavioral10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral11

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      675c4948e1efc929edcabfe67148eddd

    • SHA1

      f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

    • SHA256

      1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

    • SHA512

      61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

    • SSDEEP

      96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW

    Score
    3/10
    discovery
    behavioral12

    • Target

      driver/mm.dll

    • Size

      169KB

    • MD5

      f09967cc8cc9bf03612ddecb6bf86daa

    • SHA1

      166f8e3000b6a1e2b13b46e85b7559b9837b9aa7

    • SHA256

      96db6ae2f950b56e52be3e68f92893afa94645eae09fea2abd5dd1985758150a

    • SHA512

      190d2edea81c42a2d7a5bc69cb98f03368e702a5fcb3fc1dcd4e9c387687bab542e4b0e5de67292e8b8a7efed7fd9e30d1efdd35bcdfea28417de71db0e13864

    • SSDEEP

      3072:3zx0G2cnU93aR9bN9m3KUrru7qqybewIvUZdRfCzzr/:3zS9w9m3KUHAVvUZWXz

    Score
    1/10
    behavioral13

    • Target

      nefconw.exe

    • Size

      574KB

    • MD5

      e9f2bc8c82ac755f47c7f89d1530f1a1

    • SHA1

      7ce5938c4b8a3eb4de49f7a7e34972f5f2acfcb5

    • SHA256

      cf746d1b0bbb713993d4a90dccd774c78d9fff8c2ba5a054b6c8f56c77e1eee1

    • SHA512

      86ed0a391d22631da9bdc7eb9cb096ba4de4c6619c6c4326030cb03d196b63e5aa156bac264a48d5b4cda7401844a3b5050259b41859d32e0c4d39b96913c2ce

    • SSDEEP

      12288:o27GX/DYwTLMcdMcYsWpP86/6L94gsleElgEo0JFoG:o27GX/DYwTLMcdMcYtF8S6L94gslbOED

    Score
    1/10
    behavioral14

    • Target

      vddinstall.bat

    • Size

      420B

    • MD5

      ee1bfb5ccbb3949e3258155e141a68a5

    • SHA1

      b79dd1e75e3e7acd8d21d7b17c86673a6c6383d9

    • SHA256

      1e7c35eb6c296f96aee5ae4bbbd40395e8019bde95ef9bef91260dd8ef03c6d1

    • SHA512

      b37d680f5dab52536926c718eb1b4c1f0e78552c061756f998e3a3ccb2dc4fbea15dd1a4b181646a68a2987a22ce225c185c2ef2bb1d10a70c780ada8cf9f9aa

    Score
    8/10

    • Drops file in Drivers directory

    • Drops file in System32 directory

    behavioral15

    • Target

      vdduninstall.bat

    • Size

      272B

    • MD5

      fbc8d5e19f89dffccd165f44abf114b4

    • SHA1

      a07501ea396a4e29654352cf8ed71c7819109e5d

    • SHA256

      8f503e40a32959d9d2ee5a9e2a3da627f6ed158e6c87c47ef17f1e5d74f47b9a

    • SHA512

      08739f57b74ea457f505d416c5cc6c50539343ee33e80d76b95ca1a9b8760eaef9e97712a5824d8c22a7287c819149a6b60e6a08511e292cac71ef064ad168f6

    Score
    4/10
    behavioral16

    • Target

      vusb/parsec-vud.exe

    • Size

      885KB

    • MD5

      2d009d446a0ba83ec2f12242f7ed126c

    • SHA1

      7e5346787e8950a8b3f17fb3f527e0f80055f059

    • SHA256

      436088a5eb416935d7bd452e4e53123c2e65b737eab7d98ebe1913618f95e61b

    • SHA512

      1a3e761f5cb3ad8b4979d60d197ab5ff75929408ddb065080d687be02a33058a953dfcb8f01e5b87332fe54cf578bed191122e57bb2f0d2fcf7a6874dfaf8a57

    • SSDEEP

      24576:Ib45b9QaRG2zB9aKXrZ6bcmH0q8qHFael5:CsuWGcjLzmUaHX

    Score
    8/10
    discoverypersistence

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral17

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral18

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      2f69afa9d17a5245ec9b5bb03d56f63c

    • SHA1

      e0a133222136b3d4783e965513a690c23826aec9

    • SHA256

      e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

    • SHA512

      bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

    Score
    3/10
    discovery
    behavioral19

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    discovery
    behavioral20

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      675c4948e1efc929edcabfe67148eddd

    • SHA1

      f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

    • SHA256

      1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

    • SHA512

      61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

    • SSDEEP

      96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW

    Score
    3/10
    discovery
    behavioral21

    • Target

      nefconc.exe

    • Size

      582KB

    • MD5

      dddee00430f7a3d52580b7c85d63d9dc

    • SHA1

      ff3b7a60062ef85186ea305168cc9bc207a0c5b0

    • SHA256

      002cbd46bbfaa2d9e04a578f7200711b5740bda119166f111e2590d8b19d3e68

    • SHA512

      faac2f9135aa58ddab6391d4711498a45f51a0429040833aea8d1f0f7c64ef27435c8a2d9c3e49c8bc8bdfec276ca455a719e2b401ea34994d57483c8fefe5ba

    • SSDEEP

      12288:qmTp2f8iWOZiu7uRt3eWuHE0e14BdpfVuW70q2cJto9VuZHPq:nTp2f8iWOZiu7uRt3nIE0+4BdpfVuW7Q

    Score
    1/10
    behavioral22

    • Target

      nefconw.exe

    • Size

      574KB

    • MD5

      e9f2bc8c82ac755f47c7f89d1530f1a1

    • SHA1

      7ce5938c4b8a3eb4de49f7a7e34972f5f2acfcb5

    • SHA256

      cf746d1b0bbb713993d4a90dccd774c78d9fff8c2ba5a054b6c8f56c77e1eee1

    • SHA512

      86ed0a391d22631da9bdc7eb9cb096ba4de4c6619c6c4326030cb03d196b63e5aa156bac264a48d5b4cda7401844a3b5050259b41859d32e0c4d39b96913c2ce

    • SSDEEP

      12288:o27GX/DYwTLMcdMcYsWpP86/6L94gsleElgEo0JFoG:o27GX/DYwTLMcdMcYtF8S6L94gslbOED

    Score
    1/10
    behavioral23

    • Target

      parsecvirtualds/parsecvirtualds.sys

    • Size

      26KB

    • MD5

      0790b2e5b9d6b38b566c6bc796f0364a

    • SHA1

      1c87512273f9e98e43ea1b048a67995a93e02b4e

    • SHA256

      4b98d337ed94646d10bdb0395a29d10dcac50c660c5176c1937a823301bd6ca1

    • SHA512

      03a8e2be9c98385ec13cde7ee321ab73235289de22deb1029b795392b90a447dfa46182d40cbbc091b39ab0df8f5a8e9fc7a80f1d839f36ec8c678bdf746844e

    • SSDEEP

      384:OOq45ajAwai+E3n5bWbkcBnqRTjdfHpl1eUNh3YDX+iR9zYjI:O/45al/RcVw1Hf1zH3YDuO9zyI

    Score
    1/10
    behavioral24

    • Target

      parsecvusba/parsecvusba.sys

    • Size

      257KB

    • MD5

      591ab089c7184e33d0f4db12b4ca5498

    • SHA1

      8f45cfc643564bb1d69b6a5059c2403542afa0f3

    • SHA256

      8fdc89a3ba70b279827b4a29b4ed22a59373fc9304de4ccd06fd3428bff4b0f1

    • SHA512

      d8a662eee3d466c0a44718c4e14b1d4f65310bf84d484c7362423970c57c0dc604ecc3d5a5bcc09ad9e328e3bf1402a50d8a7414ca4ef634d8fb618ce18fc286

    • SSDEEP

      3072:xRE2rWFQ6X4P1n4rjzwpj1KCUBnN295ehsH6oGfyo55BRkGU8qwwdyk0mwvF6Vqu:7xPBSXwND+N2SEo55UVw3k0OhRD

    Score
    1/10
    behavioral25

    • Target

      vusbinstall.bat

    • Size

      327B

    • MD5

      3b3ca1091eb59f0fa9ed9c9a50b3bf81

    • SHA1

      bd3a9cccd279e4fff79ae840d6397b1e8ab8cba0

    • SHA256

      94ee200ca574dd4499779048db279264c872833c96a500e0f49b1342ee5f4802

    • SHA512

      8f86db66c0bfc7e043eed738cf026acf6aead862410a17fe02a2e26fdeb77b59a1162b1d67868a428f9b0c604a31963cba8ef534b25af1bc60448424ca6ccd1b

    Score
    8/10
    persistence

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral26

    • Target

      wscripts/firewall-add.vbs

    • Size

      307B

    • MD5

      882374285898f16b5f9ff44afc1ae701

    • SHA1

      31c9445557c9b8ecda1f0a6d5ff666e01dd1c3ca

    • SHA256

      0be5aa5cc6395a86878f56b131e13db4908e48f06e892ff8f8cf9e2d3b6c8abb

    • SHA512

      3b05158b03b57a4d2cbfee9cef6adfe973d080264a88e5cdeb85c59b567529cd1cd2a3b5d8538cb8637d140fd8691dc8826388ab669b7bfb2d5c1c4174069243

    Score
    1/10
    behavioral27

    • Target

      wscripts/firewall-remove.vbs

    • Size

      367B

    • MD5

      5d4d70cdf36fcdaa292da1da9133320c

    • SHA1

      92dc18d3d1128d43f482ab56804136c687b00713

    • SHA256

      75f1dece4fda689a907f6d74b513adb0c1771c1b79ea71160179542c9c4ab2f0

    • SHA512

      b54c92fbecb10ddf66d1b7ad950ffbc13f504c71081a8bd56c28c5689a2bf19bd81b467e0697c38f140c72a273eb9eb837105e738c6f1ac4f43344e2ab521778

    Score
    8/10
    evasionpersistenceprivilege_escalation
    behavioral28

    • Target

      wscripts/legacy-cleanup.vbs

    • Size

      115B

    • MD5

      c78520c3162c1962f3164714b37eb4d0

    • SHA1

      67c19b8aea7ad99465976dbcd3efcfdd7d62e3fe

    • SHA256

      dea38bd553abe93c689de42d0220add18f9be3e3d2fa53f97eb8649f586df4f3

    • SHA512

      cfbfc2c7dd8019f98b77e8881680ef9d0135a210fb9b0136a4992c236d971e247aa1641cd2eafdc5f6f5bb61002b30ea14b226127c4cef04f3b3d6be3a941fcc

    Score
    3/10
    behavioral29

    • Target

      wscripts/service-install.vbs

    • Size

      412B

    • MD5

      971e2a344a6e17347a81eeb21ada7ba7

    • SHA1

      37e034c29adda9b118b75bfdc7c6f41aac71e257

    • SHA256

      01f62a12de3307b375dff3ebcd6961d76ffcbc24f70682c7875655a811ce76a1

    • SHA512

      5ea0750dc07ff1a0eb1807043b48fb9ed54f6dcb96ce03cb543b0ea36d326779814b6cb87091373574911662a35d75b576e35c5b8d781db36fe1503f8287c65d

    Score
    8/10
    executionpersistence
    behavioral30

    • Target

      wscripts/service-kill-parsec.vbs

    • Size

      164B

    • MD5

      f7b0c63e7aea5cbd96f7bf1021b28b73

    • SHA1

      fc5b11a6bf022740de3ba15455b06ad3f061366b

    • SHA256

      71f9cc28497b959377439f6611615ef582745dd5b9cca02b5c4b24bb1fc3dfb8

    • SHA512

      c957b7b45b188af0b6e6698507e94564e8e5ccc8dbf5f0237827df373878291095887422584f7f3b7833cbcdd682531fa75c974ba1137031b32bf2ffba268191

    Score
    4/10
    behavioral31

    • Target

      wscripts/service-remove.vbs

    • Size

      150B

    • MD5

      b90e75dd7903cb2d6328bb3714865c7a

    • SHA1

      2d32868deb198726ed5feb80b66542bad7fbacee

    • SHA256

      970b3c2a9ea1906a177810990478932e3517f47aba267cf2ab9e4ba65e7b475f

    • SHA512

      3d4bfb86ec98fd85843ae5b63dcf5f475c6500380f02bb4d0dee15a5f7e2334abdbbcd9420b8ac05b5beb8a63b9ea16abcd70ae01c04b87a423fc288ff4dca0a

    Score
    8/10
    evasionexecution
    behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

2
T1569

Service Execution

2
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks

static1

Score
3/10

behavioral1

discoveryevasionexecutionpersistenceprivilege_escalation
Score
8/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

discovery
Score
8/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
8/10

behavioral16

Score
4/10

behavioral17

discoverypersistence
Score
8/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

persistence
Score
8/10

behavioral27

Score
1/10

behavioral28

evasionpersistenceprivilege_escalation
Score
8/10

behavioral29

Score
3/10

behavioral30

executionpersistence
Score
8/10

behavioral31

Score
4/10

behavioral32

evasionexecution
Score
8/10