Analysis
max time kernel: 148s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 12:45
Static task: static1
Behavioral task: behavioral1
Sample: cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs
Resource: win10v2004-20220901-en
General
Target: cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs
Size: 13KB
MD5: c04494737fc2e2bf5a94fe2246dc846a
SHA1: 31ef9a307703a63f0ba855acd780a50c20e2ffa7
SHA256: cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51
SHA512: 815b3f68519f34f8a19690eed1d545e647827f3b0f4c59939f583446f1bedbd8ea73b23966522c3c2861d8ea4784f63c600f6b5bb04eeb877f766fc1835a6f5a
SSDEEP: 384:MzzVqiGagRYwZSFFOECXCghDSHXWmZg1r+9f7qN:MzxqagRYwZSGECXCgMmsgV/N
Malware Config
Signatures
Drops startup file (2 IoCs)
Processes: WScript.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs | WScript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs | WScript.exe
Adds Run key to start application (2 TTPs, 4 IoCs)
Processes: WScript.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\software\microsoft\windows\currentversion\run | WScript.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51 = "wscript.exe //B \"C:\\Users\\Admin\\AppData\\Local\\Temp\\cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs\"" | WScript.exe
Key created | \REGISTRY\MACHINE\software\microsoft\windows\currentversion\run | WScript.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51 = "wscript.exe //B \"C:\\Users\\Admin\\AppData\\Local\\Temp\\cc3b856033ff6cdcbe707979f63d1de301f6548b09be177852c31c4d7d5b4b51.vbs\"" | WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.