Overview

overview

10

Static

static

1

Adil Windows test.bat

windows10-2004-x64

10

Resubmissions

05-12-2024 18:59

241205-xnkz9sxlbt 5

05-12-2024 18:46

241205-xe5cjswrd1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Adil Windows test.bat

  • Size

    12KB

  • Sample

    241205-xe5cjswrd1

  • MD5

    de58ceaf3e15b74f37ded57ca6a4b3db

  • SHA1

    e1d566f0c71cd042c541a82cc0c2d5b734439429

  • SHA256

    d6b89a4217578b742d1efd9c717ede6a302492842ed7afbe7d4fc45f16e790a5

  • SHA512

    71c64af60a0180fb44dc53ef7bcf74ee3e29d30b6b0d4246bb8b9658be4bfe0fed2f153784dbf2ad93aaa459ca6b17e5c2324bbebb3b6e91ce2257ace5a0da64

  • SSDEEP

    192:A9AcZIbMED95MxPaxmmpeO7D8HqYT1+gvwoKNfcP7b8T0j:UA6IQbwreO7D89T1rKNfBu

Score
10/10
defense_evasiondiscoveryevasionexecutionlateral_movementpersistenceprivilege_escalationransomwaretrojan

Malware Config

Targets

    • Target

      Adil Windows test.bat

    • Size

      12KB

    • MD5

      de58ceaf3e15b74f37ded57ca6a4b3db

    • SHA1

      e1d566f0c71cd042c541a82cc0c2d5b734439429

    • SHA256

      d6b89a4217578b742d1efd9c717ede6a302492842ed7afbe7d4fc45f16e790a5

    • SHA512

      71c64af60a0180fb44dc53ef7bcf74ee3e29d30b6b0d4246bb8b9658be4bfe0fed2f153784dbf2ad93aaa459ca6b17e5c2324bbebb3b6e91ce2257ace5a0da64

    • SSDEEP

      192:A9AcZIbMED95MxPaxmmpeO7D8HqYT1+gvwoKNfcP7b8T0j:UA6IQbwreO7D89T1rKNfBu

    Score
    10/10
    defense_evasiondiscoveryevasionexecutionlateral_movementpersistenceprivilege_escalationransomwaretrojan

    • Disables service(s)

      evasionexecution

    • UAC bypass

      evasiontrojan

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasionexecution

    • Allows Network login with blank passwords

      Allows local user accounts with blank passwords to access device from the network.

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possible Turn off User Account Control's privilege elevation for standard users.

      defense_evasionpersistenceprivilege_escalation

    • Password Policy Discovery

      Attempt to access detailed information about the password policy used within an enterprise network.

      discovery

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

      lateral_movement

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

2
T1569

Service Execution

2
T1569.002

Persistence

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Hijack Execution Flow

1
T1574

Executable Installer File Permissions Weakness

1
T1574.005

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

3
T1543

Windows Service

3
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Hijack Execution Flow

1
T1574

Executable Installer File Permissions Weakness

1
T1574.005

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hijack Execution Flow

1
T1574

Executable Installer File Permissions Weakness

1
T1574.005

Impair Defenses

3
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

Password Policy Discovery

1
T1201

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Remote Services

2
T1021

Remote Desktop Protocol

1
T1021.001

SMB/Windows Admin Shares

1
T1021.002

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Service Stop

2
T1489

Tasks