Overview

overview

8

Static

static

3

parsec-windows.exe

windows7-x64

8

parsec-windows.exe

windows10-2004-x64

3

$PLUGINSDI...ID.dll

windows7-x64

3

$PLUGINSDI...ID.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

parsecd.exe

windows7-x64

1

parsecd.exe

windows10-2004-x64

1

pservice.exe

windows7-x64

1

pservice.exe

windows10-2004-x64

1

skel/parse...3b.dll

windows7-x64

1

skel/parse...3b.dll

windows10-2004-x64

1

teams.exe

windows7-x64

1

teams.exe

windows10-2004-x64

1

vusb/parsec-vud.exe

windows7-x64

3

vusb/parsec-vud.exe

windows10-2004-x64

3

wscripts/f...dd.vbs

windows7-x64

1

wscripts/f...dd.vbs

windows10-2004-x64

1

wscripts/f...ve.vbs

windows7-x64

8

wscripts/f...ve.vbs

windows10-2004-x64

8

wscripts/l...up.vbs

windows7-x64

3

wscripts/l...up.vbs

windows10-2004-x64

7

wscripts/s...ll.vbs

windows7-x64

8

wscripts/s...ll.vbs

windows10-2004-x64

8

wscripts/s...ec.vbs

windows7-x64

4

wscripts/s...ec.vbs

windows10-2004-x64

7

wscripts/s...ve.vbs

windows7-x64

8

wscripts/s...ve.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 04:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wscripts/legacy-cleanup.vbs

  • Size

    115B

  • MD5

    c78520c3162c1962f3164714b37eb4d0

  • SHA1

    67c19b8aea7ad99465976dbcd3efcfdd7d62e3fe

  • SHA256

    dea38bd553abe93c689de42d0220add18f9be3e3d2fa53f97eb8649f586df4f3

  • SHA512

    cfbfc2c7dd8019f98b77e8881680ef9d0135a210fb9b0136a4992c236d971e247aa1641cd2eafdc5f6f5bb61002b30ea14b226127c4cef04f3b3d6be3a941fcc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wscripts\legacy-cleanup.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /delete /tn ParsecTeams /f
      2⤵
        PID:1964

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.