Overview

overview

8

Static

static

1

ADZP 20 Complex.cmd

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ADZP 20 Complex.cmd

  • Size

    10KB

  • Sample

    240706-3lggyszdjb

  • MD5

    e12f846bf65a57321794ad4fbf1fac8b

  • SHA1

    6e3126868a68005fc0a426da13d256c2a0136b5e

  • SHA256

    e01060af4aebe2aa52c598e171b6f5cb2e0de2b8857c72b56301140611bda390

  • SHA512

    21b7871ffe232f0f3501cce4e035b1c3dd13813091b967ce2479ff555640154c8c700dcadf029b4868d9f25f52e5b47cf2459ae90c3e0cd4080772f1d2ae664c

  • SSDEEP

    192:88fvn9rD7rYVTiuIxhoAtpYAjDj8+3M8dfmJWap3ahzKcd1h4kuWSZBxAp:BVNmJWo3yzK+

Score
8/10
defense_evasiondiscoveryevasionexecutionexploitpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      ADZP 20 Complex.cmd

    • Size

      10KB

    • MD5

      e12f846bf65a57321794ad4fbf1fac8b

    • SHA1

      6e3126868a68005fc0a426da13d256c2a0136b5e

    • SHA256

      e01060af4aebe2aa52c598e171b6f5cb2e0de2b8857c72b56301140611bda390

    • SHA512

      21b7871ffe232f0f3501cce4e035b1c3dd13813091b967ce2479ff555640154c8c700dcadf029b4868d9f25f52e5b47cf2459ae90c3e0cd4080772f1d2ae664c

    • SSDEEP

      192:88fvn9rD7rYVTiuIxhoAtpYAjDj8+3M8dfmJWap3ahzKcd1h4kuWSZBxAp:BVNmJWo3yzK+

    Score
    8/10
    defense_evasiondiscoveryevasionexecutionexploitpersistenceprivilege_escalation

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Modifies boot configuration data using bcdedit

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

File and Directory Permissions Modification

2
T1222

Windows File and Directory Permissions Modification

1
T1222.001

Modify Registry

2
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks