Analysis
max time kernel: 17s
max time network: 120s
platform: windows10_x64
resource: win10v20210408
submitted: 09-06-2021 18:57
Static task: static1

Behavioral task: behavioral1
Sample: IvHUBr2n.wsf
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: IvHUBr2n.wsf
Resource: win10v20210408 (windows10_x64)
0 signatures, 0 seconds
General
Target: IvHUBr2n.wsf
Size: 7KB
MD5: 854655955fd6ad26285ad083cc413602
SHA1: e1e1a57d75ea1ef2bcaf37a7c04ed83face11add
SHA256: c9704b81ede076637ffb9c981443620588c843475394f45769ea3e9743e54a0a
SHA512: 7b2061f9281050c9db6aa683735a57f11ec931c38cf627f11115ab2bac4596029030c7f529b0746c61a197353f240bb93a3ea654885d3dd47b6629a6661eb94d
Score: 8/10
Malware Config
Signatures

Blocklisted process makes network request (1 IoCs)
Processes: WScript.exe
flow: 6, pid: 672, process: WScript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Script User-Agent (1 IoCs)
Uses user-agent string associated with script host/environment.
Processes:
description: HTTP User-Agent header, flow: 6, ioc: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)