Analysis

  • max time kernel
    2s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 17:42

General

  • Target

    Thanks.vbs

  • Size

    1KB

  • MD5

    7d25b62d12494679ab5a8c8e0314bbc9

  • SHA1

    1f127c1afe2f8d7ea39c2e9c8d3b505306c72364

  • SHA256

    d707f9bcc12de7c30e61d7796a4681056ebbff7fe25d5276e05edf02859fd39a

  • SHA512

    511968294dbb3018a7e97212997de9acd5389c2798eb6b3c509bce3f0d2b99d98c512632fe8a61a8b0cae81cd3da649f273fa1e08309d4708c0ba29324a0c667

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Thanks.vbs"
      PID:376
      • C:\Windows\System32\notepad.exe
        "C:\Windows\System32\notepad.exe"
          PID:1448
      • C:\Windows\SysWOW64\DllHost.exe
        C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
          PID:1324
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x50c
          • Suspicious use of AdjustPrivilegeToken
          PID:1348

Network

MITRE ATT&CK Matrix

Downloads

  • memory/376-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp
    Filesize

    8KB

  • memory/1448-55-0x0000000000000000-mapping.dmp