f6925b16f65103a11dc398ce38d6b7520093fd130c1f3e9b7d14f82314163eca | Triage

Submit
Reports

Overview

overview

3

Static

static

f6925b16f6...ca.vbs

windows7-x64

3

f6925b16f6...ca.vbs

windows10-2004-x64

3

Analysis

max time kernel
161s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 16:09

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

f6925b16f65103a11dc398ce38d6b7520093fd130c1f3e9b7d14f82314163eca.vbs

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6925b16f65103a11dc398ce38d6b7520093fd130c1f3e9b7d14f82314163eca.vbs

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

f6925b16f65103a11dc398ce38d6b7520093fd130c1f3e9b7d14f82314163eca.vbs
Size

3KB
MD5

814b871f106adf359bcb81908dcac5a7
SHA1

25648b69351e6dd22c021719c87e338cd810df25
SHA256

f6925b16f65103a11dc398ce38d6b7520093fd130c1f3e9b7d14f82314163eca
SHA512

961b4d935553456c8ae900c28ff940b0aeda48259ae06a28c749daf6d4a8fa5e9a03efe37fae6d1d742f03e8bba07184a52c6db8367971ee0d9747e90ab8ef6d

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f6925b16f65103a11dc398ce38d6b7520093fd130c1f3e9b7d14f82314163eca.vbs"
1⤵
PID:4208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy