General
-
Target
test.txt
-
Size
18B
-
Sample
250218-ttqadstlfr
-
MD5
5b3f97d48c8751bd031b7ea53545bdb6
-
SHA1
88be3374c62f23406ec83bb11279f8423bd3f88d
-
SHA256
d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
-
SHA512
ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6
Malware Config
Targets
-
-
Target
test.txt
-
Size
18B
-
MD5
5b3f97d48c8751bd031b7ea53545bdb6
-
SHA1
88be3374c62f23406ec83bb11279f8423bd3f88d
-
SHA256
d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
-
SHA512
ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6
Score10/10-
Disables service(s)
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies boot configuration data using bcdedit
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Event Triggered Execution: Image File Execution Options Injection
-
Indicator Removal: Network Share Connection Removal
Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
-
Modifies Windows Firewall
-
Stops running service(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
System Services
2Service Execution
2Windows Management Instrumentation
1Persistence
Account Manipulation
1Create or Modify System Process
6Windows Service
6Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Power Settings
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Account Manipulation
1Create or Modify System Process
6Windows Service
6Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
5Disable or Modify System Firewall
1Disable or Modify Tools
3Indicator Removal
3File Deletion
2Network Share Connection Removal
1Modify Registry
4