5f000b43575e765ceb6e2ec9c8ebc0de6679da3315008f9c8bcb1c0578abe5e1 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 17:45

Sharing

Report Analysis Logs

General

Target

run.vbs
Size

101B
MD5

696b3a336c893d3a07bce9f038c09544
SHA1

9682ede0f41d23a14d25bc8de7c75ea6742e25a9
SHA256

5f000b43575e765ceb6e2ec9c8ebc0de6679da3315008f9c8bcb1c0578abe5e1
SHA512

6ff84167b2fccf2725e52aef40f606cedfe2d90f2f02b52b0a2e24849708ce52889013d90234322ca21eebb41a78083c3cdc4ab340f44ca71e44f0a9ef6a2bb5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2852	2736	WScript.exe	30
PID 2736 wrote to memory of 2852	2736	WScript.exe	30
PID 2736 wrote to memory of 2852	2736	WScript.exe	30

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\run.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo YOUR COMPUTER GOT HACKED && echo && echo bye && pause
  2⤵
  PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads