a02a412d2473436299327d9fa657e74de2a045d6acfa0bc65f8039e0b59a789a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a02a412d2473436299327d9fa657e74de2a045d6acfa0bc65f8039e0b59a789a.vbs
Size

13KB
MD5

ac40043dfff45adbef127e83f42e4a51
SHA1

ae383d034a85930489e4d5d912adcd24c15930b4
SHA256

a02a412d2473436299327d9fa657e74de2a045d6acfa0bc65f8039e0b59a789a
SHA512

83b5537fe5576852731267225f16c57a338ff34229a94ba9c4428ec0d901bc8a97c72d9485c4b2978b9afbe42515b5361252ddd7692246c7a5a3a6cabba784f3
SSDEEP

384:2QUlrh8oPP5I+5JugMRs9Fpg5UfXXHbNADlpqTiFX:2QobPa4+Rspu6nHbNAhUiFX

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2528	2236	WScript.exe	28
PID 2236 wrote to memory of 2528	2236	WScript.exe	28
PID 2236 wrote to memory of 2528	2236	WScript.exe	28

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\a02a412d2473436299327d9fa657e74de2a045d6acfa0bc65f8039e0b59a789a.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c debug < C:\Windows\temp\ISDEL901.tmp
  2⤵
  PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\temp\ISDEL901.tmp

Filesize
12KB

MD5
ee708082309d09bad35bc5a3df557b0f

SHA1
701fe538d612783bce834ef926ccb1c4367e231d

SHA256
55fbc10bbbd2fff0963ca151bd15cee961c9363d45010d4c99a584a2616621a6

SHA512
ac22872308e05b2690440e14d0c8f411b8f1dca4ac4706d7791e2bbc7bde747a995c6cd0c365bdae3b0375ab515e6ab68cdcfcb3c17d407697aee5cf2580d533

Download Submit