Overview

overview

10

Static

static

1

BYBBLJDYNKYQRCIW.ps1

windows7-x64

3

BYBBLJDYNKYQRCIW.ps1

windows10-2004-x64

10

LOEVIQHNNBLMJQGX.vbs

windows7-x64

3

LOEVIQHNNBLMJQGX.vbs

windows10-2004-x64

7

NOXOIMAYDCJQRTDL.bat

windows7-x64

8

NOXOIMAYDCJQRTDL.bat

windows10-2004-x64

8

PLYEDPJAJZDJPATK.vbs

windows7-x64

3

PLYEDPJAJZDJPATK.vbs

windows10-2004-x64

7

XKAHEZZHLYETQDGK.bat

windows7-x64

8

XKAHEZZHLYETQDGK.bat

windows10-2004-x64

8

YEJVMCIJLIUXHSQV.ps1

windows7-x64

3

YEJVMCIJLIUXHSQV.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 01:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    PLYEDPJAJZDJPATK.vbs

  • Size

    887B

  • MD5

    993627e0d502460f2b211b906e7f5cb7

  • SHA1

    59d6ae8236d27c8f2f2b5abdc51ea77680e4455a

  • SHA256

    735461ba3154b4804533018cf78b53bcf1fceff7688b3c3c64952ff0f6f04125

  • SHA512

    fc85dfa5b1e34899f1ca98f4ca91b04fc3b29c819ded63df5fc382f63566d723bc3f93e2d4314d8ee3d7e6ba71b3aa05d02eac6248fc118d667358fa5fd67db1

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\PLYEDPJAJZDJPATK.vbs"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4340
    • C:\Windows\System32\net.exe
      "C:\Windows\System32\net.exe" session
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 session
        3⤵
          PID:2552

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads