General

  • Target

    ULTIMAETWEAKS_4.bat

  • Size

    324KB

  • Sample

    250119-1153raynbj

  • MD5

    e38ae4bfe11fb213a890f6b8b1177b3c

  • SHA1

    1a56de0a0f022289da4845a1373ccc37213553f6

  • SHA256

    2b262d34bb06ae2269f1f90f06ef3b549e1cb88e037f8e728bc7021cf533b5f3

  • SHA512

    85f975c868d07c8f409e1eaa9ec949765f9c7f5e9d6c6653fe647136fc6d6dc11335e867edec39c2095b286c612e2e16cd7a52bffb66dc34c328a33d0f0b5a60

  • SSDEEP

    1536:wYm+bChbCFACzAC3rbwP+yVd+ipHD/EEUmjNG0H0QcFlV4S0n:hbmbkAqAyhiV7EElcFlV4S0n

Malware Config

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Disables taskbar notifications via registry modification

    • Possible privilege escalation attempt

    • Server Software Component: Terminal Services DLL

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks