General
-
Target
Nuevodocumentodetexto.bat
-
Size
161B
-
Sample
250119-t47meswrcl
-
MD5
bfb548e1649da7e2822cd54634576f98
-
SHA1
6e3226cdd6afba344abf7373512baed8688a20de
-
SHA256
51e2b8a05553b168e86e2fbf344faca331585fd4b3f047b7e682886e98296413
-
SHA512
93d566fe861c2216ec59bfcc6c2eb52f8f30050cc16c9526af13fd34c9787171bbac50840b9ecf5546f6bcd0fcc9ef131c9e7b2d23e179a0f01cf866f0459389
Static task
static1
Behavioral task
behavioral1
Sample
Nuevodocumentodetexto.bat
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Nuevodocumentodetexto.bat
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Nuevodocumentodetexto.bat
-
Score
8/10
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-