d9d71bd82b62bf4b6acd175d3b0f1de86679e2de5dd240a4169847fe2eaee37e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 22:06

Target

5987675876223cbcc877d12596eb6659.vbs
Size

16KB
MD5

5987675876223cbcc877d12596eb6659
SHA1

368525f48795195509e1672c149e6ee3bdeb301d
SHA256

d9d71bd82b62bf4b6acd175d3b0f1de86679e2de5dd240a4169847fe2eaee37e
SHA512

657168672d613f34a69f4907855db89a2220edf7ebebeebfdb33f552273349e5fba7683668901e6a88bedafa2d606e836305f53f14a3133fbacad1107bbae3a5
SSDEEP

384:vfW5qefuO+GuIzWKcx7Rnl7c7N37NR/fall0I3c7BnnntcRm1ccBbcRcpMyGcu2M:ZeTVenJ

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2160	2632	WScript.exe	28
PID 2632 wrote to memory of 2160	2632	WScript.exe	28
PID 2632 wrote to memory of 2160	2632	WScript.exe	28

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5987675876223cbcc877d12596eb6659.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c set date=%date% &&date 2007-4-1 &&ping -n 19 127.0.0.1&&date %date%
  2⤵
  PID:2160

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact