Overview

overview

10

Static

static

10

ed03f8136c...18.exe

windows7-x64

7

ed03f8136c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$TEMP/v.vbs

windows7-x64

3

$TEMP/v.vbs

windows10-2004-x64

3

$TEMP/xcmd.exe

windows7-x64

9

$TEMP/xcmd.exe

windows10-2004-x64

9

$_48_/$APP...md.exe

windows7-x64

9

$_48_/$APP...md.exe

windows10-2004-x64

9

$_48_/1.html

windows7-x64

6

$_48_/1.html

windows10-2004-x64

1

$_48_/3.bat

windows7-x64

1

$_48_/3.bat

windows10-2004-x64

1

$_48_/3.vbs

windows7-x64

4

$_48_/3.vbs

windows10-2004-x64

7

$_48_/qq.vbs

windows7-x64

3

$_48_/qq.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-04-2024 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_48_/qq.vbs

  • Size

    1KB

  • MD5

    fb8a0c0af287b4b015369b5e756d2bb2

  • SHA1

    6d2f48d51f5b01e4d5e852b1652c79098fb92a7a

  • SHA256

    9ad1f7f062cb13e077fffd5a0642a46feffb17ad89415cc6365f9a012ded5fc4

  • SHA512

    35b59fb0c8b5a70ec32cb69e561e0559644f2a3d19caa28387891fcd6be6ec35781a760ab3f84cc4c9fef2b61cbcb57692e67971c18c8fdfca18fe169502651a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$_48_\qq.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\System32\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files\NetMeeting\ie.html" +R
      2⤵
      • Views/modifies file attributes
      PID:1740
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c echo Y| cacls "C:\Program Files\NetMeeting\ie.html" /P Everyone:R
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3⤵
          PID:2856
        • C:\Windows\system32\cacls.exe
          cacls "C:\Program Files\NetMeeting\ie.html" /P Everyone:R
          3⤵
            PID:2852

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads