General
-
Target
RFQ_IMAGES_Hayyas (Waltham Cross).vbs
-
Size
10KB
-
Sample
200713-qn5f67npks
-
MD5
b4d24a672f4a1daa990c11c03db8295e
-
SHA1
16b930060de04f72d7f9b735c5c383fbb256e2a4
-
SHA256
e81b0ab02b19ac2f9e57d1db647377d1449a4f08bb95070b49f81249b44ed43f
-
SHA512
f4c874f2d194a587b9cf08b3a0d2553e03ca98cf1409d26ccfb970532d2e5d1608d38a3abc32aad35c3d3824d24b5fca7f0407306053a3a24b6f3099a48c99c0
Malware Config
Targets
-
-
Target
RFQ_IMAGES_Hayyas (Waltham Cross).vbs
-
Size
10KB
-
MD5
b4d24a672f4a1daa990c11c03db8295e
-
SHA1
16b930060de04f72d7f9b735c5c383fbb256e2a4
-
SHA256
e81b0ab02b19ac2f9e57d1db647377d1449a4f08bb95070b49f81249b44ed43f
-
SHA512
f4c874f2d194a587b9cf08b3a0d2553e03ca98cf1409d26ccfb970532d2e5d1608d38a3abc32aad35c3d3824d24b5fca7f0407306053a3a24b6f3099a48c99c0
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Adds Run entry to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-