General
-
Target
73XQ3ZO.bat
-
Size
308KB
-
Sample
241028-mvc8wsvmgt
-
MD5
4e1d04cf93737aee62004d5f85c8a9fe
-
SHA1
b89f9b86ced93bba8eb2f403b8d2e3faeb612a88
-
SHA256
023e19917d6208bd5a3417ac27c1bc18517e63baee93a9f00cab9d7ee3d595d2
-
SHA512
0a108d516f5b8ad47df2e9f122619b2f5721b26f09d8c82e887a44e89661c98dd697bfc9a3ed223db5bd9744c6e41e81e96bf2be13a9ec62f8eaa564ce982b01
-
SSDEEP
1536:ObChbCFACzAC3rbwP+yVd+ipHD/EEUmjNG0H0QcFlV4S0n:ObmbkAqAyhiV7EElcFlV4S0n
Malware Config
Targets
-
-
Target
73XQ3ZO.bat
-
Size
308KB
-
MD5
4e1d04cf93737aee62004d5f85c8a9fe
-
SHA1
b89f9b86ced93bba8eb2f403b8d2e3faeb612a88
-
SHA256
023e19917d6208bd5a3417ac27c1bc18517e63baee93a9f00cab9d7ee3d595d2
-
SHA512
0a108d516f5b8ad47df2e9f122619b2f5721b26f09d8c82e887a44e89661c98dd697bfc9a3ed223db5bd9744c6e41e81e96bf2be13a9ec62f8eaa564ce982b01
-
SSDEEP
1536:ObChbCFACzAC3rbwP+yVd+ipHD/EEUmjNG0H0QcFlV4S0n:ObmbkAqAyhiV7EElcFlV4S0n
Score10/10-
Disables service(s)
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Disables taskbar notifications via registry modification
-
Possible privilege escalation attempt
-
Server Software Component: Terminal Services DLL
-
Stops running service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Hijack Execution Flow: Executable Installer File Permissions Weakness
Possible Turn off User Account Control's privilege elevation for standard users.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Time Providers
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Change Default File Association
1Hijack Execution Flow
1Executable Installer File Permissions Weakness
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Time Providers
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Change Default File Association
1Hijack Execution Flow
1Executable Installer File Permissions Weakness
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
1Hide Artifacts
2Hidden Files and Directories
2Hijack Execution Flow
1Executable Installer File Permissions Weakness
1Impair Defenses
3Disable or Modify Tools
2Modify Registry
5