Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 09:35

General

  • Target

    49d24056a61b688a35c1c486f2f11787446a71f425e935084f2cca79245c1838.vbs

  • Size

    137KB

  • MD5

    8a766b081dc4e3a60d8aa9fef5b25b65

  • SHA1

    8e47fcbf4d4e1452959c88ab3ff385ba1c349a1b

  • SHA256

    49d24056a61b688a35c1c486f2f11787446a71f425e935084f2cca79245c1838

  • SHA512

    511c91cdbf931c063daa97da1b0d8b9f802f008dd390503720a40ff8579eafbfb3de4710f174acd7bb6627f49f55026a254345c5a269124563fb0026ab2428be

  • SSDEEP

    192:EmdL+vn03wunMNfNbP3vx9vu8vwyydvNFMj4X0z9bqwlw5v0wQFmixqY+vwv0yra:vmRmuqzkkeo

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\49d24056a61b688a35c1c486f2f11787446a71f425e935084f2cca79245c1838.vbs"
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    • Adds Run key to start application
    PID:1036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads