Analysis
max time kernel: 126s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 12/06/2024, 20:18
Static task: static1
Behavioral task: behavioral1
Sample: vXt561.vbs
Resource: win10v2004-20240611-en
General
Target: vXt561.vbs
Size: 159B
MD5: b0f5e542e3e350df705079d776292abd
SHA1: 851317dc6851cef830e82a718335eefc3088160a
SHA256: 11ff5508e46f0544d7a046fd28ca8b645723f42455db4007cb6cc0f9c53ecf4f
SHA512: 88ca930bb36b9582bb816109355645fe9b624a4eec6aedfed37144afa66cf50d9088b1b9e399ed887c012b993ecb840dacf5be8cb68d3138f68312693cd7d750
Malware Config
Signatures
Blocklisted process makes network request (1 IoC)
flow  pid   Process
2     3508  WScript.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                            Process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626972096423692"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                         chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1784  chrome.exe
1784  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
1784  chrome.exe
1784  chrome.exe
1784  chrome.exe
1784  chrome.exe
1784  chrome.exe
1784  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\vXt561.vbs"
  - Blocklisted process makes network request
  PID: 3508

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1784

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xd0,0x128,0x7fff2cf4ab58,0x7fff2cf4ab68,0x7fff2cf4ab78
    PID: 3024

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:2
    PID: 3296

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 1712

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 320

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:1
    PID: 4772

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:1
    PID: 3216

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:1
    PID: 5116

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 2560

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 2512

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 3256

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 3004

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:8
    PID: 3180

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4676 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:1
    PID: 5016

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4504 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:1
    PID: 5080

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4388 --field-trial-handle=1888,i,18112285234454289301,17282689199125183104,131072 /prefetch:1
    PID: 3080

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 656
Network
MITRE ATT&CK Enterprise v15
Downloads