Analysis

  • max time kernel
    112s
  • max time network
    113s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-06-2024 09:44

Errors

Reason
Machine shutdown

General

  • Target

    code.vbs

  • Size

    1KB

  • MD5

    c8db0910ef325367970ff1c2b5130701

  • SHA1

    2b0ca564f0103ad0b6bfb52d2c9a1a8965171fc3

  • SHA256

    0d0bafc8f1c3a563f60ad72972b9e2c01fd40286920a1be6dce381999d9db9a7

  • SHA512

    7777856eb1e83c6f1ef3f72e6e9707502aef013cca449ed6e831999ed6cafe31adf6f8e59012ed097867275dff49b619f81baf0dfd7365e5952b873db2642c1f

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\code.vbs"
    1⤵
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NOTEHERE.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2840
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      PID:2672
    • C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 0
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1928
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:2328
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:3032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Desktop\NOTEHERE.txt

    Filesize
    44B

    MD5
    9e7cd7c706e24d89a098713bda2ff52b

    SHA1
    ae5129be07fa9677b3e4c061cd9b1f13bc845920

    SHA256
    b6f67920cfcefee9c4d113cc74e3d111a48fbe2f8643fbe42f67a16c077a3be8

    SHA512
    588a23bc60e8dc0cdc4e07ac4cd5c1932b079b548a8e2561a3ab778423234cb4ec310c5a3cd11742e78837d653d51effaad89ea473cd3bccfbc7384e43cd23ae

  • C:\Users\Admin\Desktop\desktop.enc

    Filesize
    51B

    MD5
    485e50795d7a48d060b4f5a17a467278

    SHA1
    c38adc10ce5699e212cffb4f719d9c489073ec1a

    SHA256
    a74f37ca88daf16d63ae8e06a15fc4b7433a2e388e418290c6dbdc121c7ba91c

    SHA512
    e6bc3ce356e77aac3872e5dc501db6ae255019e0a70f8bf6cb557983b3e5d2f37d1ced3facdf7839802f6f765cdb0b22c969139b5d4df22503053a7fe3f0ced3