General
Target: [1] Elite Pro Latency Optimization.bat
Size: 178KB
Sample: 241101-we2qzstfjr
MD5: d086eb1fd6743526be781bb39d7e9964
SHA1: 755813822015044e27000bd05dfd56edeb7a1c73
SHA256: 4af460a0ac06cf1e3a7190f99ada1df173c099821ed6cc8b110e895aae6916ed
SHA512: 070881af05037f78f7315786be72fffffa85bd9b292d40c8e2b7d10c993f481e4d2414dc12cf29790afaec0b564c2f48e290aa826ba5fa109635a028ab66e5ae
SSDEEP: 1536:dCilhVlsluNmcZwr1zNWxOWSEuvvSR0zXHM4:dCilhVlsl/cZm1zNWxOWSEkXzXHM4
Tasks
Static task: static1
Behavioral task: behavioral1, sample [1] Elite Pro Latency Optimization.bat, resource win7-20240903-en
Behavioral task: behavioral2, sample [1] Elite Pro Latency Optimization.bat, resource win10v2004-20241007-en
Malware Config: none reported.

Targets
Target: [1] Elite Pro Latency Optimization.bat
Size: 178KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Signatures
- Modifies firewall policy service
- Modifies security service
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Turns off Windows Defender SpyNet reporting
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Event Triggered Execution: Image File Execution Options Injection
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Hijack Execution Flow: Executable Installer File Permissions Weakness. Possibly turns off User Account Control's privilege elevation for standard users.
- Indicator Removal: File Deletion. Adversaries may delete files left behind by the actions of their intrusion activity.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
- Modifies boot configuration data using bcdedit
- Remote Services: SMB/Windows Admin Shares. Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
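A host-side check for the registry-based behaviours in the signature list above, written as an added example: it is not code from the sandbox report and not the sample's own logic. It assumes a registry snapshot in the form {key path: {value name: data}} (with "" for a key's default value, as a winreg walk or a parsed `reg export` would give). The value-level mappings it uses (MpsSvc/WinDefend Start=4, SpynetReporting=0, ConsentPromptBehaviorUser=0, Explorer Hidden=2 / HideFileExt=1 / ShowSuperHidden=0, a non-stock exefile open command) are my reading of the signature names, and SAMPLE_SNAPSHOT, including the path C:\Users\Public\svc.exe and the {EXAMPLE-0000} component, is constructed for illustration, not extracted from the sample.

```python
"""Registry-snapshot triage for the report's registry-based signatures.

Added example, not from the sandbox report. Snapshot format:
{key_path: {value_name: data}}, "" = the key's default value.
"""
import re

# (signature name as in the report, key path regex, value name regex, is_bad(name, data))
# The specific values checked are assumptions derived from the signature names.
RULES = [
    ("Boot or Logon Autostart Execution: Active Setup",
     r"\\Active Setup\\Installed Components\\[^\\]+$", r"^StubPath$",
     lambda n, d: bool(d)),
    ("Event Triggered Execution: Image File Execution Options Injection",
     r"\\Image File Execution Options\\[^\\]+$", r"^Debugger$",
     lambda n, d: bool(d)),
    ("Adds Run key to start application",
     r"\\CurrentVersion\\Run(Once)?$", r".",
     lambda n, d: bool(d)),
    ("Modifies visibility of file extensions in Explorer",
     r"\\Explorer\\Advanced$", r"^HideFileExt$",
     lambda n, d: d == 1),                       # 1 = hide known extensions
    ("Modifies visibility of hidden/system files in Explorer",
     r"\\Explorer\\Advanced$", r"^(Hidden|ShowSuperHidden)$",
     lambda n, d: (n.lower() == "hidden" and d == 2)              # 2 = do not show hidden files
                  or (n.lower() == "showsuperhidden" and d == 0)),  # 0 = hide protected OS files
    ("Turns off Windows Defender SpyNet reporting",
     r"\\Windows Defender\\Spynet$", r"^SpynetReporting$",
     lambda n, d: d == 0),
    ("Modifies firewall policy service",
     r"\\Services\\(MpsSvc|SharedAccess\\Parameters\\FirewallPolicy\\\w+Profile)$",
     r"^(Start|EnableFirewall)$",
     lambda n, d: (n.lower() == "start" and d == 4)
                  or (n.lower() == "enablefirewall" and d == 0)),
    ("Modifies security service",
     r"\\Services\\(wscsvc|WinDefend|Sense|SecurityHealthService)$", r"^Start$",
     lambda n, d: d == 4),                       # 4 = SERVICE_DISABLED
    ("UAC privilege elevation for standard users turned off",
     r"\\CurrentVersion\\Policies\\System$", r"^ConsentPromptBehaviorUser$",
     lambda n, d: d == 0),                       # 0 = automatically deny elevation requests
    ("Modifies system executable filetype association",
     r"\\exefile\\shell\\open\\command$", r"^$",
     lambda n, d: d != '"%1" %*'),               # anything other than the stock launcher
]


def assess(snapshot):
    """Return sorted, de-duplicated (signature, key_path, value_name) triples."""
    hits = set()
    for key, values in snapshot.items():
        for name, data in values.items():
            for sig, key_re, name_re, is_bad in RULES:
                if (re.search(key_re, key, re.IGNORECASE)
                        and re.match(name_re, name, re.IGNORECASE)
                        and is_bad(name, data)):
                    hits.add((sig, key, name))
    return sorted(hits)


# Constructed snapshot: every path and value below is illustrative and was
# not recovered from the analysed .bat file.
PAYLOAD = r"C:\Users\Public\svc.exe"            # hypothetical dropped EXE
SAMPLE_SNAPSHOT = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EXAMPLE-0000}":
        {"StubPath": PAYLOAD},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe":
        {"Debugger": PAYLOAD},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run":
        {"Updater": PAYLOAD},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced":
        {"Hidden": 2, "HideFileExt": 1, "ShowSuperHidden": 0},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet":
        {"SpynetReporting": 0},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc": {"Start": 4},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend": {"Start": 4},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System":
        {"ConsentPromptBehaviorUser": 0, "EnableLUA": 1},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"": f'"{PAYLOAD}" "%1" %*'},
    # Clean entries that must not fire.
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler": {"Start": 2},
    r"HKEY_CLASSES_ROOT\txtfile\shell\open\command": {"": r"%SystemRoot%\system32\NOTEPAD.EXE %1"},
}

if __name__ == "__main__":
    for sig, key, name in assess(SAMPLE_SNAPSHOT):
        print(f"[{sig}] {key} :: {name or '(Default)'}")
```

Each rule keys on the value that actually changes the behaviour, not on the key name alone, so a baseline host with stock values produces no findings; the hidden-files rule fires once per offending value, which is why the constructed snapshot yields two hits for that signature.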
MITRE ATT&CK Enterprise v15
Counts in parentheses are the report's per-technique signature counts.

Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (3)
    Windows Service (3)
  Event Triggered Execution (2)
    Change Default File Association (1)
    Image File Execution Options Injection (1)
  Hijack Execution Flow (1)
    Executable Installer File Permissions Weakness (1)

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Access Token Manipulation (1)
    Create Process with Token (1)
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (3)
    Windows Service (3)
  Event Triggered Execution (2)
    Change Default File Association (1)
    Image File Execution Options Injection (1)
  Hijack Execution Flow (1)
    Executable Installer File Permissions Weakness (1)

Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Access Token Manipulation (1)
    Create Process with Token (1)
  File and Directory Permissions Modification (1)
  Hide Artifacts (3)
    Hidden Files and Directories (2)
    Ignore Process Interrupts (1)
  Hijack Execution Flow (1)
    Executable Installer File Permissions Weakness (1)
  Impair Defenses (6)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (4)
  Indicator Removal (2)
    Clear Persistence (1)
    File Deletion (1)
  Modify Registry (14)