General
-
Target
http://twitch.tv
-
Sample
240623-tan8zswfpa
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://twitch.tv
Resource
win7-20240508-en
31 signatures
1800 seconds
Malware Config
Targets
Target
http://twitch.tv
-
Modifies visibility of file extensions in Explorer
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Account Manipulation: 1
Boot or Logon Autostart Execution: 1
Active Setup: 1
Event Triggered Execution: 1
Accessibility Features: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Active Setup: 1
Event Triggered Execution: 1
Accessibility Features: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 6