General

Target: http://start-process PowerShell -verb runas
Sample: 240627-mc3qtsyelj
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://start-process PowerShell -verb runas
  Resource: win11-20240611-en (windows11-21h2-x64)
  31 signatures
  1800 seconds
Malware Config

Targets

Target: http://start-process PowerShell -verb runas
- Downloads MZ/PE file
- Modifies Windows Firewall
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Execution
  System Services (1)
    Service Execution (1)
  Command and Scripting Interpreter (1)
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Access Token Manipulation (1)
    Create Process with Token (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)