Analysis

  • max time kernel
    146s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-03-2024 23:24

General

  • Target

    MicrosoftWindowsServicesEtc/DgzRun.vbs

  • Size

    341B

  • MD5

    a91417f7c55510155771f1f644dd6c7e

  • SHA1

    41bdb69c5baca73f49231d5b5f77975b79e55bdf

  • SHA256

    729f7540887cf32a5d4e1968a284c46cf904752821c734bd970ecd30a848477a

  • SHA512

    f786699c1ab9d7c74dd9eb9d76a76728980b29e84999a166a47b7ee102d8e545901ed0fcb30331712490a36de2d726115b661ad3900cdc2bfcfc601d00b76b07

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\DgzRun.vbs"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Program Files\MicrosoftWindowsServicesEtc\healgen.vbs" RunAsAdministrator
      2⤵
        PID:4284

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads