General
-
Target
NOT A VIRUS RUN TURN OFF ANTIVIRUS.exe
-
Size
444KB
-
Sample
250108-fxyt2sxrdm
-
MD5
4b80ce9b09f66de598cd62ed65023a67
-
SHA1
6806afeb86cbe5d35e1738743d4946a7cecbd1b2
-
SHA256
2f76c5b27fc74986634ca1c3835f056d7e08b9d17f81f5277c20db4c86b7f2c5
-
SHA512
f96e5a2f7f3131ba26a260b789be24b6c5c720c5fda234f457763427edb5d51307b968aedccb7609b2db79d8be20117dd3941d7186c62541c7721bb928146843
-
SSDEEP
12288:NF2itC7rxZjmoXuaiHi/Xy3I3sBmy1CLoMavQ9oZ:zHSZqoXuWPzloMaI9oZ
Static task
static1
Behavioral task
behavioral1
Sample
NOT A VIRUS RUN TURN OFF ANTIVIRUS.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
NOT A VIRUS RUN TURN OFF ANTIVIRUS.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
NOT A VIRUS RUN TURN OFF ANTIVIRUS.exe
-
Size
444KB
-
MD5
4b80ce9b09f66de598cd62ed65023a67
-
SHA1
6806afeb86cbe5d35e1738743d4946a7cecbd1b2
-
SHA256
2f76c5b27fc74986634ca1c3835f056d7e08b9d17f81f5277c20db4c86b7f2c5
-
SHA512
f96e5a2f7f3131ba26a260b789be24b6c5c720c5fda234f457763427edb5d51307b968aedccb7609b2db79d8be20117dd3941d7186c62541c7721bb928146843
-
SSDEEP
12288:NF2itC7rxZjmoXuaiHi/Xy3I3sBmy1CLoMavQ9oZ:zHSZqoXuWPzloMaI9oZ
Score10/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5