Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
26-05-2024 20:16
General
-
Target
code.vbs
-
Size
642B
-
MD5
d56b8338d67b5b32af99fabcff84743c
-
SHA1
5d91d677bfcc592342b533eb120fab513f3b4136
-
SHA256
d4e22efe33f6e7efe8949460d43be2ee850930ac5818c0071ab8cd909cb4523d
-
SHA512
dfcb09b81d7a62972a8bfeca78e611efc7c922ddab32c971fed5f6e05b822139ef6d322183ca0852a5fbf875e575c1792a4c5f4d5521d2086ace988a067e0d79
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Kills process with taskkill 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\code.vbs"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\what.bat" "2⤵
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /f /im cmd.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
138B
MD522daf7675069fd1357b39383b8644f8f
SHA16a7b3097021897cd55b48d16ea8e548e085a4f31
SHA2561b357376ed2cdf28d86f7f9a56b509f02f5d1efa43df0028d04873901228e773
SHA5127f1152a982419baf844b33d78538cb37223bb7e357fbc2e2501214d977a3c9388dbc194c899610d4f0d1dbe48b38a0e1a0c95156439457d8c04a637f7fd092be