52ec3ba075a507e62bb6e3272fb13b30a8ddc0f62c4ea194311d558b338eb5ed

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
12-08-2023 16:22

Target

info.vbe
Size

1KB
MD5

e9ffdb716af3d355b25096a8ed4de8ef
SHA1

66e2b15ba4dbfa127c3ec86abce666870a4a168a
SHA256

30daba44a4a25ff5750508613f897057a55337458f19b562e2ed1172c77e626b
SHA512

f157dc99dfd4c1bec37deba85ed5250f70e169ab2d21b2c75d7d94b4463608c3c74ed9ab773e1359735cb95cb1f38333887d3c8e65c80c0cdfeee8bcb0d019f3

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2288	2596	WScript.exe	28
PID 2596 wrote to memory of 2288	2596	WScript.exe	28
PID 2596 wrote to memory of 2288	2596	WScript.exe	28

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\info.vbe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\System32\cscript.exe
  "C:\Windows\System32\cscript.exe" "C:\Users\Admin\AppData\Local\Temp\info.vbe"
  2⤵
  PID:2288

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact