General
Static task
static1
URLScan task
urlscan1
Malware Config
Targets
-
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
1Safe Mode Boot
1Modify Registry
1Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1