Overview

overview

7

Static

static

1

c208bd9125...29.vbs

windows7-x64

3

c208bd9125...29.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-03-2024 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c208bd9125b122e748d5e7fb96394d29.vbs

  • Size

    697B

  • MD5

    c208bd9125b122e748d5e7fb96394d29

  • SHA1

    fb0e01a7d20287fa2b7968ab9291ddbecde31327

  • SHA256

    9d07b462e2367862c766c9b24645a2f7940e3d1fd76784b296bf91c872acf2a4

  • SHA512

    b5526201d7d580ae28b4ab07f8af1e122dd89da7998804888ced271fd54936069367ca29afbc8bbf28c139888d4397939ceea742ff04eef78df69775b00e0802

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\c208bd9125b122e748d5e7fb96394d29.vbs"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3668
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c set date=%date% &&date 1985-1-1 &&ping -n 10 127.0.0.1&&date %date%
      2⤵
        PID:3064

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads