Overview

overview

7

Static

static

1

51e909c1ba...fc.vbs

windows7-x64

3

51e909c1ba...fc.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 23:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    51e909c1badb84a70df015d4ed3d78fc.vbs

  • Size

    17KB

  • MD5

    51e909c1badb84a70df015d4ed3d78fc

  • SHA1

    7e05dd9ae5416cef9acf19ffe04cf2df5396c1f6

  • SHA256

    355b7ad8cbfe01fddd5922203a911aa8c2d8adf8e2ec5f141889db1f0c640c2b

  • SHA512

    f39a828dc22e9d53873b448d61bae74c622fba9420f163d78a3904f3fba0d2770d15c55f73ac044234765cee7eff1bdc5321dd18c593a2cde40e088989b1a772

  • SSDEEP

    192:cZhbwnqhbXlM4Ud8GMQsM4UiuM4UFpM4UORkcWD4cfuc87NU2U3B5ht6HAw+:c70nmK4UCGrl4Um4UM4UUZWZfD8shAgX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\51e909c1badb84a70df015d4ed3d78fc.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:304
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://cs-16.ro/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://blackghost.ro/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2600
    • C:\Windows\System32\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im ati.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2364
    • C:\Windows\System32\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im hlds.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1424
    • C:\Windows\System32\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im ati.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2872

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          99f2f092070df3971fa890964014fe90

          SHA1

          2e6f168c57139f8e1f3ec7a1d401d87f3965fb09

          SHA256

          f70cb3e6a8a7dfa380faa720ab50c94ce001c0730da6b088bf7a5225b9d89b1b

          SHA512

          ba2657072a6c9cf5e6077eb157310ee026ecda65801e83eab5c7b7fffe4bf44fdd3eb9c1a8e77bf23acac8f601b28032b6e96ded3d8de57fd6b891f6b5636f5b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4240e9db80d48733b7bb24765f89c329

          SHA1

          3341a1d0cd6267d7148fc8a188c630b6f0b3edc0

          SHA256

          6924471d22a7ad4cc2daeec486a2068dd68c27f51ca32ae8aeef7a4f75294f68

          SHA512

          6ff53103b55c90d2c7a8516bcfe389a44e58eca696f55ea685e03c29fb0641d662127c4a46fbb6b82663cec1af7332d75ac39fa9e77ae75738cc6e5fba524a8d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          72632c6842d922b0ee11b688b4bab587

          SHA1

          e6d2bc89da04cb76e16458f50c83292b5f92c221

          SHA256

          0f53e735efe47d9859972a60846796f5fbb5520f60a079c279e41fe5f9e9ce97

          SHA512

          435c9636dfdef04255b5e79200a69e8df186a9dcbf1e491a6132c1b1d1a31ced3e1b5a6a612d85373f8fe623b56e3445b03cd45d0a3f0c3a97b39f5a88d00b7e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3c65a5da52586eceef560580b81ebd89

          SHA1

          4f5760557a765987ec4805651d099ce28a672d78

          SHA256

          59d3a5a48cd0ffe48da6db38bb11c132ffdc22dbc3373808bbac6360f3b7aae1

          SHA512

          fda0a14e1768357592bf453d7afe0039b5920288db6471e5775b6d006ef26ae88f478fe5cebe7939d60dd5f68b07e5bdec396ce703907503452707ed290126d4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3bbd03ff4fde8e0afc926ddc75cf1aa4

          SHA1

          7bdcf3533297dbec5f7deb10f789687185a80eaa

          SHA256

          752a21842cbada63bd3f8da5b2db1ca6f21a418db123b11a425cf68bf2a8ef6d

          SHA512

          5e1483e950f8dd6a284336a5414c930875057ca73f3e420684f3ffd869b241c1e1f9b5fd7ec3fc41b9dda03e21293e9dd6778014f4122321b38204c6534cb6da

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bb7a9321c8637db2b511ab99dc7e5d74

          SHA1

          3db6ab3aa529dea9ae0033dd6f400d9135542d2c

          SHA256

          718308e9bd5afd3877ff9c3b17dc9ebcc45b71c3d3902920d6ca9de0f78908fd

          SHA512

          3daefcc76753048af027dc503b0dce3b1041a8d5d29bcada1f43dee1b3f3d5904f52f233234e22bae1458462d47cc3d8ec195c9f85cbd420b724b1621acab38a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aed737737d244e3ab465c975d5e8aaf6

          SHA1

          89a50684fdb0b63174c2d5504eed88e9697fadc4

          SHA256

          31f0d56b30bf116e86e0cda7b03d8769bb41833431771c22d71f10587c1e3e09

          SHA512

          849d4452e84ddeddef98a4514bfc947e386b78504749906bfbf680690d06df052787b51b890898e14b8db03865dca8b331dd1e1df9403da81e5dc8ab9150e2d0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6b28ffce06b000c4379146bc66ccc656

          SHA1

          d73739a05fe06d265fd9846eb37b049274187118

          SHA256

          a6c25599f37b28c0f2e78379f5bbc54e8403ab76dff960f5f78421741d81a55d

          SHA512

          6eb7d22c8375c8c06e398af4139c3e6cd38649021bcf9b366bb46ed8b0ce9057bcf4beb79cc5957e8fcc53d167cdc2ade91a85f3bb5636533e5341b3de5cf393

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          21a2f5d3b6a403a1cb8bfe212f709bcc

          SHA1

          94f622a99827ada2a453b0cb398597e1fe123322

          SHA256

          9f2a3604cd65939d4ff37fafb0203a79ee9cdaeea58966103d657331b209a5a3

          SHA512

          db4c7636ccc5f2fae8bda66f0fb436e5089d3907b60a6e33bfe2f3a978ab3ec02fa881d38e23738fea9fe9638f2e41648d2e112475a84cb381d8a58607906117

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2b9bdf5f1fb1b3ff8d4f46084829c4c7

          SHA1

          2d206a89992ab4fb7bb2e1abf7ba60c3bec6caab

          SHA256

          3b4e59f277d492612323c19e701cb6c16a99d0a39a14241104329a056477535e

          SHA512

          4e9b9199ccb3cf0f02cb5f2e84a0a07042da59bdb7e663b61cb797b222c6006971b6638a4023adc0206bdfdcee53b5d618e93c3d951beb64d93dd2f31108ebff

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8ba063618d43fce217089cf9133718b4

          SHA1

          26532917b92f44f72fae91280cc0416352d3344f

          SHA256

          fbd163a9af50db674a0448813ab49de1fd92349f18afd30b2690cfa7e0736278

          SHA512

          87b4cd3972c2cc638ea177601a0996850abcc5cb5d4885eae8491db17d44bea85de0e3a4e25d6898c04f5d99075bacf2547ec4314ed43041bf77132a72824dfb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          45182bd7d21dbaec48dc41e0fb98273c

          SHA1

          8b5a033374b5fc683cbf3cbaa6b242d16d354af1

          SHA256

          5689b4474acf14a2e4ea585c512e4e40f1826cea690530f425550564f99ba754

          SHA512

          45db8badf5e80cd8558ea905e108a80b51a0ea295d103abba4dc8a1e68954c5f671f73ae11cb8162734f37b618d654ce86865a3337623165d66025c6e1072ebf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          36bdf291de7d2dad47dd46f443c5ca98

          SHA1

          1fd3e6fc335c6e2661f8e0d941d095aa176ffc36

          SHA256

          943ca1bc38c21e1ce62b12a2c13a75e481b443d5422016a9fbec90274233519c

          SHA512

          41475aad2daf8eb9d8e83c54af44c95beb001db59998085e383e49ae8045f48f7b5ab4641b868f78ded3c101ef3d95137027ae2b5af4a61747379982dfa74475

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e6897434ca6d817b449379cc9e33a7d4

          SHA1

          563574bef8879c06fa432cb80020fa059dd1caec

          SHA256

          e590fa7ec9ea016731b8da2cf15f4326043a07659dc50c72901f5def75e62675

          SHA512

          edc8fade77e85c02075a924c5688df35b919f445fd74539daaae39703b2036b51019b7af3b3019a729951c9c0f5ecf52577753c640fe9f8f5d098039965df460

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C127A941-B00F-11EE-86C9-CE9B5D0C5DE4}.dat
          Filesize

          5KB

          MD5

          2b7f54c82ff67094958895277862ae10

          SHA1

          6e96717218418799bf975d8a3dcb2e26786dc2d3

          SHA256

          941b492c20ea63a36a6ed71ef351f2e653792e7cf45041dbd59881e829e9d156

          SHA512

          d5a4c8e9568272a108f17d70aab76e0929a6957ccf43aa8e3f293e2ad0932a1e0a602e7455a4dd11c10f53eac9aef0eafd43709669c869c107facb5c4e324a48

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C127D051-B00F-11EE-86C9-CE9B5D0C5DE4}.dat
          Filesize

          5KB

          MD5

          682e6736e618fc3b4117017ac5c8a0e5

          SHA1

          2fdc783bf0775c94edb740a57fd8f5f85dbb6f26

          SHA256

          e738cd2c8fb5b7685ceb846770096791b0b2a1c36a2de6bfdb4b43aff0c7baa0

          SHA512

          700b0d1faee7a14d90fbcd7ef2e73d2c5029f74bdcaef56bb6085245bee006c975045f86887ca0b32e57727615b1983c4831950df23483cf807dbffa85194fbf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab78AC.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar79B8.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit