General
-
Target
http://start-process PowerShell -verb runas
-
Sample
240627-mc3qtsyelj
Score
8/10
Malware Config
Targets
-
-
Target
http://start-process PowerShell -verb runas
Score8/10-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Stops running service(s)
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Detected potential entity reuse from brand microsoft.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Execution
System Services
1Service Execution
1Command and Scripting Interpreter
1Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Access Token Manipulation
1Create Process with Token
1Event Triggered Execution
1Netsh Helper DLL
1