Overview

overview

7

Static

static

1

erik.wsf

windows7-x64

3

erik.wsf

windows10-2004-x64

7

Resubmissions

10-06-2024 11:36

240610-nqplsshg99 7

10-06-2024 11:35

240610-nqdjjahg87 7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-06-2024 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    erik.wsf

  • Size

    869B

  • MD5

    9e3ca5c5494b2f0188a8d7c0b7b9db37

  • SHA1

    af5979db6d478971ad6ad16a08d8f5330daeb2d3

  • SHA256

    a39031c9a2ee80545ff2f221d59b47ca8d9fd27e89681ae22c94f06795399a81

  • SHA512

    f59cb74e8df2a79f421584764fc3fd5e5b6fcac688a887f8e02c72c19a048539fb7900a07cf3d3c7a1811f16adbed29900ba08abbef7869dc39d931d0c06c2d2

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\erik.wsf"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4500
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c
      2⤵
        PID:1612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads