Overview

overview

10

Static

static

ce53debed7...65.vbs

windows7_x64

10

ce53debed7...65.vbs

windows10_x64

8

Analysis

  • max time kernel
    123s
  • max time network
    161s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    28-01-2022 18:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765.vbs

  • Size

    27KB

  • MD5

    6d4c57b3600d896553e1a4aa0419dfec

  • SHA1

    ae960f8bcb5401e756a4074ca9fdfe6d4b303b23

  • SHA256

    ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765

  • SHA512

    183f4178aa5ff56a7a27f4e6ef70c1a3e9b1fd098a624511053833f0cd310d6dbfc4235f764be204994409a871dce92fbb8559c18750f505f3fcd7cd650d91fa

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ce53debed7256fb71532e0348214356383070d24cc86ac59e94395225761f765.vbs"
    1⤵
    • Blocklisted process makes network request
    PID:660

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads