c2fd4a5dba7d04c838652279671ac7f7db223e32385cc38e4c410dcad8788a69

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.vbs
Size

2KB
MD5

622bdb8317fac84e6facaf0e72afe7ab
SHA1

0eb7ea5376f0db5b3a1a79fff2397b27b86400ab
SHA256

c2fd4a5dba7d04c838652279671ac7f7db223e32385cc38e4c410dcad8788a69
SHA512

01ca6da5a8851eb91c7ba0462300dfc7e26dfc7353a0144a0f87726808cba2f7e5ce4e38dccc54483abb2dd1554d79b2eeef30122abd614cb58cc2accf34fcae

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.vbs	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4416	NOTEPAD.EXE

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\file.vbs"
1⤵
- Drops startup file
PID:4060

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fuck9.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\fuck5.txt

Filesize
148B

MD5
6d5234ccf8642ec33e1d2fb599105fb2

SHA1
92a335a27ed628a56c2b6c57ae75fb06d21c8ecd

SHA256
5f651287534f1c68412c43b30ff686202dca21be5ac121d431d87a1f0015e6ee

SHA512
fd783bef3bf454a0f1dd65fe14f16a21bf3ab6ae75e2f45fd8860215ae520ee121046bb3e634934cd17595ccbc2eb85abd48d49853e50e3e748a5714d91199e3

Download Submit