Overview

overview

10

Static

static

6

22D1F555S0...1S.vbs

windows7_x64

8

22D1F555S0...1S.vbs

windows10_x64

8

~.exe

windows7_x64

10

~.exe

windows10_x64

10

Analysis

  • max time kernel
    16s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    02-11-2020 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22D1F555S00DF22S1F44AAA5D1S.vbs

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\22D1F555S00DF22S1F44AAA5D1S.vbs"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:508
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Public\M77.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:2488

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\M77.vbs
    MD5

    5aec3639f28abb4748a5677d23d5e9e6

    SHA1

    8c2aaf57bfa5235c2e45f44f04fc387ef2b1abd9

    SHA256

    0714fac09f397831033f871b24b9850a72e6833a231e4f207c82c13c59d93945

    SHA512

    8c6d28e0402acaa40ea762ab6e5763e5994ae8b57f063650e9aa882aa4afdb030102701d45698908022fdf036e2e668075dd9fc6852d1936be469bc3ae38d075

    Download Submit
  • memory/2488-0-0x0000000000000000-mapping.dmp
    Download