General
-
Target
dasdasd.exe
-
Size
444KB
-
Sample
241109-v9zz7s1rdr
-
MD5
66ae10586372d32559b884649c3b1102
-
SHA1
a889bbb0baf97ad846ab088624a6383d8b57711a
-
SHA256
43cecbee43e517d644c43c91f1ca4a8c19b7f27e4972cb0fe30f6095f6d240d6
-
SHA512
ea30568093d7a5655f8d3561bac56ebd558ea5667d6221d50fd2b8e7d95505a74a278a70d7f09845f91523035e1c2d4fa3c1b466a72482c6794974ef143be09e
-
SSDEEP
12288:YF2itC7rxZjmoXuaiHi/Xy3I3sBmy1CLoMavQ9m:mHSZqoXuWPzloMaI9
Static task
static1
Behavioral task
behavioral1
Sample
dasdasd.exe
Resource
win7-20241023-en
Malware Config
Targets
-
-
Target
dasdasd.exe
-
Size
444KB
-
MD5
66ae10586372d32559b884649c3b1102
-
SHA1
a889bbb0baf97ad846ab088624a6383d8b57711a
-
SHA256
43cecbee43e517d644c43c91f1ca4a8c19b7f27e4972cb0fe30f6095f6d240d6
-
SHA512
ea30568093d7a5655f8d3561bac56ebd558ea5667d6221d50fd2b8e7d95505a74a278a70d7f09845f91523035e1c2d4fa3c1b466a72482c6794974ef143be09e
-
SSDEEP
12288:YF2itC7rxZjmoXuaiHi/Xy3I3sBmy1CLoMavQ9m:mHSZqoXuWPzloMaI9
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Pre-OS Boot
1Bootkit
1