Analysis
max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
13/01/2024, 22:06
Static task
static1
Behavioral task
behavioral1
Sample
5987675876223cbcc877d12596eb6659.vbs
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
5987675876223cbcc877d12596eb6659.vbs
Resource
win10v2004-20231215-en
3 signatures
150 seconds
General
Target
5987675876223cbcc877d12596eb6659.vbs
Size
16KB
MD5
5987675876223cbcc877d12596eb6659
SHA1
368525f48795195509e1672c149e6ee3bdeb301d
SHA256
d9d71bd82b62bf4b6acd175d3b0f1de86679e2de5dd240a4169847fe2eaee37e
SHA512
657168672d613f34a69f4907855db89a2220edf7ebebeebfdb33f552273349e5fba7683668901e6a88bedafa2d606e836305f53f14a3133fbacad1107bbae3a5
SSDEEP
384:vfW5qefuO+GuIzWKcx7Rnl7c7N37NR/fall0I3c7BnnntcRm1ccBbcRcpMyGcu2M:ZeTVenJ
Score
3/10
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2632 wrote to memory of 2160 | 2632 | WScript.exe | 28
PID 2632 wrote to memory of 2160 | 2632 | WScript.exe | 28
PID 2632 wrote to memory of 2160 | 2632 | WScript.exe | 28
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5987675876223cbcc877d12596eb6659.vbs"
- Suspicious use of WriteProcessMemory
PID:2632
  C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c set date=%date% &&date 2007-4-1 &&ping -n 19 127.0.0.1&&date %date%
  PID:2160