General
Target
https://github.com/vouy/Amidewin-Perm-Spoofer-Source/blob/main/x64/Release/Solution.exe
Sample
240704-rs412sxgrr
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/vouy/Amidewin-Perm-Spoofer-Source/blob/main/x64/Release/Solution.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
Target
https://github.com/vouy/Amidewin-Perm-Spoofer-Source/blob/main/x64/Release/Solution.exe
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Executes dropped EXE
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
- Windows Management Instrumentation (1)
- System Services (1)
- Service Execution (1)
- Command and Scripting Interpreter (1)
Persistence
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Netsh Helper DLL (1)
Defense Evasion
- Indicator Removal (2)
- File Deletion (2)
- Impair Defenses (2)
- Disable or Modify System Firewall (1)
- Direct Volume Access (1)
- Modify Registry (1)