Hi Guys,
As the title suggests, I've been investigating an attack for the past few days. However, I'm hitting some brick walls in terms of functionality.
I've done thorough dynamic analysis and it seems that the malware is just doing the following.
Step (1) Drop new executable.
Step (2) Disable Windows Defender.
Step (3) Add persistence.
Step (4) Call home.
I also believe I have discovered a hardcoded password via static analysis using strings. Anyone willing to help further the investigation would be greatly thanked!
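One way to take the strings-based static analysis a step further, as an added example that is not part of the original post: pull both ASCII and UTF-16LE strings out of the dropped binary (a default `strings` run on Linux only reports ASCII; Windows PE files keep many of their registry paths, URLs and PowerShell fragments as UTF-16LE, which `strings -e l` would show) and bucket them by the four stages observed during dynamic analysis, plus a heuristic for the suspected hardcoded password. The indicator patterns below are generic heuristics chosen for this example, not signatures for the sample, and the `SAMPLE` blob is constructed stand-in data, with an IP from the documentation range and a made-up password.

```python
import re
import sys
from typing import Dict, List, Tuple

MIN_LEN = 6

# Printable ASCII runs, and the same runs stored as UTF-16LE (each byte
# followed by NUL). A default `strings` run only reports the first kind.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Heuristic indicators for the four stages seen in the dynamic analysis.
# These are generic patterns chosen for this example, not sample-specific
# signatures; expect false positives on real binaries and review by hand.
STAGES: Dict[str, re.Pattern] = {
    "drop": re.compile(
        r"\\(?:users\\public|appdata|temp|programdata)\\.*\.(?:exe|dll)", re.I),
    "defender": re.compile(
        r"set-mppreference|disablerealtimemonitoring|disableantispyware|windows defender", re.I),
    "persistence": re.compile(
        r"currentversion\\run|schtasks|\\startup\\|\bsc(?:\.exe)? create", re.I),
    "call_home": re.compile(
        r"https?://|\b\d{1,3}(?:\.\d{1,3}){3}\b|\b[a-z0-9-]+\.(?:com|net|org|ru|cn|xyz)\b", re.I),
}
# Crude hardcoded-credential heuristic: key=value or key: value with a
# password-like key name.
CRED_RE = re.compile(r"(?:pass(?:word)?|pwd)\s*[=:]\s*(\S+)", re.I)


def extract_strings(data: bytes) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for ASCII and UTF-16LE runs, in file order."""
    found = []
    for m in ASCII_RE.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in WIDE_RE.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def triage(data: bytes) -> Dict[str, List[str]]:
    """Bucket extracted strings by the stage they hint at. A string may land in
    several buckets; within a bucket it is reported once, in file order."""
    hits: Dict[str, List[str]] = {stage: [] for stage in STAGES}
    hits["credential"] = []
    for _offset, _encoding, text in extract_strings(data):
        for stage, pattern in STAGES.items():
            if pattern.search(text) and text not in hits[stage]:
                hits[stage].append(text)
        m = CRED_RE.search(text)
        if m and m.group(1) not in hits["credential"]:
            hits["credential"].append(m.group(1))
    return hits


# Constructed stand-in for a dropped binary: ASCII and UTF-16LE strings with
# NUL padding between them. 203.0.113.7 is from the documentation range and
# the password is made up.
SAMPLE = b"\x00\x00".join([
    b"MZ",
    b"C:\\Users\\Public\\svchost_update.exe",
    "powershell -c Set-MpPreference -DisableRealtimeMonitoring $true".encode("utf-16le"),
    b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "http://203.0.113.7/gate.php".encode("utf-16le"),
    b"password=Hunter2!",
    b"\x90" * 8,
])


if __name__ == "__main__":
    # Usage: python triage.py <dropped.exe>; with no argument the constructed
    # SAMPLE is scanned instead.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for stage, strings in triage(blob).items():
        print(f"[{stage}]")
        for s in strings:
            print(f"    {s}")
```

Anything that shows up under `credential` is only a candidate: confirm it by finding the code that references that string (a cross-reference in your disassembler) and checking whether it is passed to an authentication routine, used to decrypt the call-home payload, or is just a decoy.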


