Analysis
max time kernel: 123s
max time network: 161s
platform: windows10_x64
resource: win10-en-20211208
submitted: 28-01-2022 18:15
Static task: static1
Behavioral task: behavioral1
Sample: ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765.vbs
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765.vbs
Resource: win10-en-20211208
General
Target: ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765.vbs
Size: 27KB
MD5: 6d4c57b3600d896553e1a4aa0419dfec
SHA1: ae960f8bcb5401e756a4074ca9fdfe6d4b303b23
SHA256: ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765
SHA512: 183f4178aa5ff56a7a27f4e6ef70c1a3e9b1fd098a624511053833f0cd310d6dbfc4235f764be204994409a871dce92fbb8559c18750f505f3fcd7cd650d91fa
Malware Config
Signatures
Blocklisted process makes network request (2 IoCs)
Processes: WScript.exe
flow  pid  process
11    660  WScript.exe
13    660  WScript.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.