Overview

overview

3

Static

static

1

one/About.vbs

windows7-x64

1

one/About.vbs

windows10-2004-x64

1

one/Area.vbs

windows7-x64

1

one/Area.vbs

windows10-2004-x64

1

one/End.asp

windows7-x64

3

one/End.asp

windows10-2004-x64

3

one/Express_list.asp

windows7-x64

3

one/Express_list.asp

windows10-2004-x64

3

one/Foot.asp

windows7-x64

3

one/Foot.asp

windows10-2004-x64

3

one/Index.js

windows7-x64

1

one/Index.js

windows10-2004-x64

1

one/Job.vbs

windows7-x64

1

one/Job.vbs

windows10-2004-x64

1

one/Left.vbs

windows7-x64

1

one/Left.vbs

windows10-2004-x64

1

one/Main.vbs

windows7-x64

1

one/Main.vbs

windows10-2004-x64

1

one/Message.vbs

windows7-x64

1

one/Message.vbs

windows10-2004-x64

1

one/Netserve.asp

windows7-x64

3

one/Netserve.asp

windows10-2004-x64

3

one/Netsys...te.asp

windows7-x64

3

one/Netsys...te.asp

windows10-2004-x64

3

one/Netsys...ify.js

windows7-x64

1

one/Netsys...ify.js

windows10-2004-x64

1

one/Netsys...in.asp

windows7-x64

3

one/Netsys...in.asp

windows10-2004-x64

3

one/Netsys...ig.vbs

windows7-x64

1

one/Netsys...ig.vbs

windows10-2004-x64

1

one/Netsys...nn.asp

windows7-x64

3

one/Netsys...nn.asp

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2024 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    one/Main.vbs

  • Size

    5KB

  • MD5

    d8931de6f3ad4f37ba6e988244aead19

  • SHA1

    0b8d098d19c928bc07114365c691b6b04c2bfb6e

  • SHA256

    7585745a2c4a6a7d25b0cd39a8aef36076f2eb225d5690b7f892fa4b6c9c24d6

  • SHA512

    cfbd1556ac7a07991a7c63fd9a6af423c2372528e12bff4ab480b72d37ea9968c3c7b96abaa42d1fc73998989a88b08a13c8b0f2a3d8a6dafa6a462d05b208a8

  • SSDEEP

    96:IKwxPLXLTLnBdmVmmk0t9/mkCCCUBG+hf+lZt9Hncb3mJueWEaWIgRBBx7:IK0P7PTHrmlttmLCD4+hf+lZt5cj3EtJ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\one\Main.vbs"
    1⤵
      PID:1276
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:1552
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4940

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4940-0-0x000001F9FCE40000-0x000001F9FCE50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4940-16-0x000001F9FCF40000-0x000001F9FCF50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4940-32-0x000001F9FD240000-0x000001F9FD241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4940-34-0x000001F9FD270000-0x000001F9FD271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4940-35-0x000001F9FD270000-0x000001F9FD271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4940-36-0x000001F9FD380000-0x000001F9FD381000-memory.dmp

        Filesize

        4KB

        Download