MalwareAnalysisSeries

This repository contains the analysis reports, technical details and any tools created to help with malware analysis. Additionally, the repo contains extracted TTPs with code, along with the corresponding detection rules.


Project maintained by shaddy43 Hosted on GitHub Pages — Theme by mattgraham

MedusaLocker: Disable UAC Prompt

MedusaLocker Image

This TTP disables the UAC prompt on the victim system and was extracted from MedusaLocker ransomware. It modifies a registry value under HKLM to disable the prompt, which requires administrator privileges. Once the test case has executed successfully, any process can be started as admin without the consent prompt appearing on screen.

The test case does not necessarily disable UAC itself; it only disables the prompt, which means the malware can open any process as admin without any consent from the user and can easily elevate privileges.

Open the registry key. The handle is declared, the explicit wide-character API is used to match the L"" string, and the return value is checked, since the open fails unless the process is already running elevated:

```cpp
HKEY hKey = NULL;  // handle to the UAC policy key; KEY_ALL_ACCESS on it needs an elevated token
if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS) {
    /* not elevated, or the key is missing: stop here */
}
```

Change the value. `value` is the DWORD written to ConsentPromptBehaviorAdmin; 0 is the documented "elevate without prompting" setting, which is what removes the consent prompt:

```cpp
DWORD value = 0;  // 0 = "elevate without prompting" (documented ConsentPromptBehaviorAdmin semantics)
RegSetValueExW(hKey, L"ConsentPromptBehaviorAdmin", 0, REG_DWORD, (const BYTE *)&value, sizeof(DWORD));
RegCloseKey(hKey);  // release the handle
```
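From the defender's side, the registry write above is what a detection rule should key on. The following is an added example, not code from the MalwareAnalysisSeries repository: a small detector that scans Sysmon-style "RegistryEvent (Value Set)" records (Event ID 13 shape: EventType, Image, TargetObject, Details) and flags writes that set ConsentPromptBehaviorAdmin to 0, the value this TTP uses. It goes slightly beyond the page by also watching EnableLUA, whose value 0 switches UAC off entirely. The sample events, process paths and the unrelated value name are constructed for the example.

```python
import re

# The key this TTP writes to, as Sysmon renders it (HKLM rather than HKEY_LOCAL_MACHINE).
UAC_POLICY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Documented semantics: ConsentPromptBehaviorAdmin 0 = "elevate without prompting"
# (the setting this TTP writes); EnableLUA 0 = UAC disabled outright (added here
# as a related value worth alerting on).
WEAK_VALUES = {
    "ConsentPromptBehaviorAdmin": {0},
    "EnableLUA": {0},
}

# Sysmon formats DWORD registry data as "DWORD (0x00000000)".
_DWORD_RE = re.compile(r"DWORD \((0x[0-9A-Fa-f]{8})\)")


def parse_dword(details: str):
    """Return the integer in a Sysmon 'DWORD (0x...)' Details field, or None for other data."""
    m = _DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def split_target(target: str):
    """Split 'HKLM\\...\\System\\ValueName' into (key_path, value_name)."""
    key, _, name = target.rpartition("\\")
    return key, name


def is_uac_prompt_tamper(event: dict) -> bool:
    """True when the event sets a UAC policy value to a weakened setting."""
    if event.get("EventType") != "SetValue":
        return False
    key, name = split_target(event.get("TargetObject", ""))
    if key.lower() != UAC_POLICY_KEY.lower() or name not in WEAK_VALUES:
        return False
    data = parse_dword(event.get("Details", ""))
    return data in WEAK_VALUES[name]


def scan(events):
    """Return one alert per event that weakens the UAC prompt policy."""
    alerts = []
    for ev in events:
        if is_uac_prompt_tamper(ev):
            _, name = split_target(ev["TargetObject"])
            alerts.append({
                "image": ev.get("Image", "<unknown>"),
                "value": name,
                "data": parse_dword(ev["Details"]),
            })
    return alerts


# Constructed sample events modelled on Sysmon Event ID 13 (RegistryEvent: Value Set).
SAMPLE_EVENTS = [
    {  # the write this TTP performs, from a constructed process path
        "EventType": "SetValue",
        "Image": r"C:\Users\victim\AppData\Local\Temp\svhost.exe",
        "TargetObject": UAC_POLICY_KEY + r"\ConsentPromptBehaviorAdmin",
        "Details": "DWORD (0x00000000)",
    },
    {  # the Windows default (5, prompt for consent) being reapplied, e.g. by policy
        "EventType": "SetValue",
        "Image": r"C:\Windows\System32\svchost.exe",
        "TargetObject": UAC_POLICY_KEY + r"\ConsentPromptBehaviorAdmin",
        "Details": "DWORD (0x00000005)",
    },
    {  # UAC switched off outright
        "EventType": "SetValue",
        "Image": r"C:\Users\victim\AppData\Local\Temp\svhost.exe",
        "TargetObject": UAC_POLICY_KEY + r"\EnableLUA",
        "Details": "DWORD (0x00000000)",
    },
    {  # an unrelated (constructed) value under the same key
        "EventType": "SetValue",
        "Image": r"C:\Windows\System32\svchost.exe",
        "TargetObject": UAC_POLICY_KEY + r"\ExampleUnrelatedValue",
        "Details": "DWORD (0x00000000)",
    },
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"UAC prompt weakened: {alert['value']}={alert['data']} by {alert['image']}")
```

Running the block reports the first and third sample events and stays silent on the default value 5 and on the unrelated value. In a real pipeline the same predicate can be attached to a Sysmon or EDR feed; matching on the full key path rather than on the value name alone avoids firing on identically named values elsewhere in the registry.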

Find the complete code here: Shaddy43/MalwareAnalysisSeries

Disclaimer

For educational purposes only!!!