Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-10-2023 06:28

General

  • Target

    tmp560779530.vbs

  • Size

    710B

  • MD5

    5e5a87d0034e80e6b86a64387779dc2e

  • SHA1

    109469f781a1cd257d7e8ef443ad961c6d740733

  • SHA256

    74bb36d7b564db9687d94f8038d5e8b0c951da5d7799c0c9ce8b25fef6238185

  • SHA512

    026a957405509add41171907f420ba52b68079d007be9084417adf667accdfa13e3c6af0c096e147935337648a548c9f56d95c83fb9087d4094c99ebd1f08432

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\tmp560779530.vbs"
    1⤵
      PID:4440
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:3388
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3420
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3420 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cw5vowd\imagestore.dat
    Filesize
    2KB
    MD5
    ceb0027271d6dc61bec5da60c17c0634
    SHA1
    e95aa7cfbdb26619dc8d9c99430c285bd7a8d145
    SHA256
    b66da004a1ad2714535739fbf110b434ce8f701dc031e8f77394753e4d570421
    SHA512
    c60666c1c6e2353ade620c8cb52e704c8854348de26aa2a5b468783cf5b8c755bf1a910f182ca6f14bce65ad3be1da24ac931039a6799cf52445a5af220c37cb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\N8VHZYYG\favicon[1].ico
    Filesize
    2KB
    MD5
    a2606f1274e1ca7769c7a713ae7c444a
    SHA1
    f5619384b322523f10b127f89675e1b29ac7db3f
    SHA256
    791525a225922b4680d5dd9cee1a3fe11596045c85569bce6449743ab30af70a
    SHA512
    b0283c2cc9192c1e63a1479e41a64c622495e8305ade63949e36a106ae1ab545bfce1a7dd18d03ae26ca1a321f14fce78aed42d3b16a8568c14234b8d54b1c69

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\N8VHZYYG\suggestions[1].en-US
    Filesize
    17KB
    MD5
    5a34cb996293fde2cb7a4ac89587393a
    SHA1
    3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256
    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512
    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee