65696cf5e3699270adbc1527cac52fa86b5bee0e723b2d9d58e709138edbe30e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.vbs
Size

2KB
MD5

c0a9800ff183b11bda9465fd11e2c4b7
SHA1

c53c6cfa295aa66e658bc6d782b3a854c44e8323
SHA256

65696cf5e3699270adbc1527cac52fa86b5bee0e723b2d9d58e709138edbe30e
SHA512

de910d3cb20c68b9b67b7830d5be1f7b1c869ffa1f4d7d457b4ba37e3967ca9302285fb26fb04c4b151ff168e6054c169cffaf94e158f65f1505c878db03dc33

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.vbs	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"
1⤵
- Drops startup file
PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\HAHAHA5.txt

Filesize
42B

MD5
e8707e31d8cf81374a07cb902defe587

SHA1
5df6eb3058c5d6686f8b73875d33dd147bf23b75

SHA256
5d98322bd62b61fd527598c3dbd745f3f00328a79e9f870307f63ed9ec207bac

SHA512
dba34e1e47b533d46e8f9d0fcc29a32682e60fc8c10786109ef7d47d93e0ef40f64065f3d8898ece672fbdbab3d182e3f2e1fdab9473c7617ecd01fa4f95c1e2

Download Submit