Overview

overview

10

Static

static

3707ad9488...f5.vbs

windows7_x64

10

3707ad9488...f5.vbs

windows10-2004_x64

10

Analysis

  • max time kernel
    8s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5.vbs

  • Size

    1.1MB

  • MD5

    88cb1b3a2c58a40c6ecbd2897465337d

  • SHA1

    2e866fde78317929b59ed9cf63806116b38a0602

  • SHA256

    3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

  • SHA512

    08450aaefbe3cce898ac8c6dcb5b065b773fdd2b0f66a630711b85d5510f8553f8d19fa6e634d42a6508deb46c10162b2ed74fd3a433f727799a56bbe4cc1bbc

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5.vbs"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1532
  • C:\Windows\system32\rundll32.exe
    rundll32 C:\Users\Admin\AppData\Local\Temp\sRjbEZvCFOESXQJ.exe,DllRegisterServer
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32 C:\Users\Admin\AppData\Local\Temp\sRjbEZvCFOESXQJ.exe,DllRegisterServer
      2⤵
      • Loads dropped DLL
      PID:396

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sRjbEZvCFOESXQJ.exe
    MD5

    fcb76558dbf86a26c4bdd2811d5d06b6

    SHA1

    dabfb88a8dea9c8c258be021a3d190e145a65847

    SHA256

    81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f

    SHA512

    01f4f2457a7660fed51afb1b99f856eaae1398d4e8291c91adf1fdd7343f68e16a18d6e3054f2c6d063b785b51ccc3da4da6aae3544a697902aa70716ad96471

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\sRjbEZvCFOESXQJ.exe
    MD5

    fcb76558dbf86a26c4bdd2811d5d06b6

    SHA1

    dabfb88a8dea9c8c258be021a3d190e145a65847

    SHA256

    81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f

    SHA512

    01f4f2457a7660fed51afb1b99f856eaae1398d4e8291c91adf1fdd7343f68e16a18d6e3054f2c6d063b785b51ccc3da4da6aae3544a697902aa70716ad96471

    Download Submit