Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    28-06-2024 01:53

General

  • Target

    LOEVIQHNNBLMJQGX.vbs

  • Size

    820B

  • MD5

    3b02a48a86c436a42cece067efd1616d

  • SHA1

    7963c51e6de1389ea22c2fdff4f6ad436556e891

  • SHA256

    adc0a2c378fc9c87efbb3863c49fa0ac2a25e32a69e320105b79878d1bbcfca6

  • SHA512

    cf0d9bc3e908e7a3153529e1e975d98806e632f3e5ce708e1c15f64749214d7ac4a02496af99a3a3af382c4ebb89ac31b3d03787303678c3b6b37158816e3523

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\LOEVIQHNNBLMJQGX.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Windows\System32\net.exe
      "C:\Windows\System32\net.exe" session
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1944
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 session
        3⤵
          PID:2016

    Network

    MITRE ATT&CK Enterprise v15
