Extracted

• • Target

    Server.exe

  • Size

    93KB

  • MD5

    baf41f63bc78adc8c6d2436c8f37639a

  • SHA1

    e4c599d34c45f9afc8a33f7fab431940d8471708

  • SHA256

    05a2f56026b5a9e1ea1684b9a2a91a1cd814415f463c4b35626784d377891b54

  • SHA512

    f7b982de9411419132be9fa6ef0a050b99d56a97f5b23899e783250d847840fa336dea116ae92a547ab894d64997293601bda5c4145a18968cace8fac310d1ba

  • SSDEEP

    1536:OUwC+xhUa9urgOBPRNvM4jEwzGi1dDeDMgS:OUmUa9urgObdGi1dQl

  Score

  8^/10

  bootkitdefense_evasiondiscoveryexploitpersistenceprivilege_escalationransomwareupx

  • Disables RegEdit via registry modification

    defense_evasion

  • Disables Task Manager via registry modification

    defense_evasion

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies Windows Firewall

    defense_evasion

  • Possible privilege escalation attempt

    exploit

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Enumerates processes with tasklist

    discovery

  • Sets desktop wallpaper using registry

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1