Overview

overview

7

Static

static

1

file.vbs

windows7-x64

3

file.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22-07-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.vbs

  • Size

    2KB

  • MD5

    5c03e2ba7289156c5333281dedfe4690

  • SHA1

    220b2aeecc70b032eff914f54d7f4400885f3f3e

  • SHA256

    04d5dbf4d94cd9d72a730c35257d00a01b247d62cf0f981b30cd6b09790bafa1

  • SHA512

    1ff69455c6a2e8091250fc6f86a89a96ff0a7687b7359d85cccf9af839fcde5dd73b0cdfc4b27d0729c861a029f067bade6b89beff05e3ad7f15062c6ffad262

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\file.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\D(‚Ã}]„¬)âÃĤ‘Ä[{msg.vbs"
      2⤵
        PID:2912
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\‚¬Ä(‘)[â{¤Ã„ÄDÃ}]msg.vbs"
        2⤵
          PID:2888
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=welcome+to+brazil
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2052
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1856
        • C:\Windows\System32\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\(Ã}Ä]â)[¬D‘‚Ä„Ã{¤msg.vbs"
          2⤵
            PID:2688

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1dadd56b6a799bdc3e14818484fc83a1

          SHA1

          0c734629d32045938ddd58407663e4b9dff2e259

          SHA256

          e14cb2b7748e01a35db8f9ac63ff19bb93c459ac0ec6b32b3cb87552efcec124

          SHA512

          f8de9a50ed4196077195fb108356c94e95e99d3ae4f593d2d938e356e9b5adbaac06221a4f3609f2654e74f06ac34f49f793cf8a6df668ba7a07175e8baf0ef9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          49d6c9627aacb0512a7070a2ef13175b

          SHA1

          f21ab8787eaa69482144a38698b52c90ad22b7c9

          SHA256

          42463daf32f10797b2d395087ae465911893c15436625e072b7713091cc33f75

          SHA512

          24b1c7faf91793e8bf288591d63a519facbe80d3a81ca7379791c948420697d1c0b4c57d04ef217be583083acf67f1739d16be85e41af9d81b596063c71ccb5f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          58df6ab71a3bcfd90539be4f04b389b6

          SHA1

          af8252a813c3d7176b3457074ad333f029f0e38a

          SHA256

          1946625243eecfa7d14e841da1c8779ebfe14977e43f8d89c2eeb533cc35f77d

          SHA512

          f517d6423428434047e6a1fc7cdb80aca5e7411d1a8811ccbc881d9c5538fb5a0f6b0b9a6b989f2e3cfa54d7bef53dfb85d3fa47d3bf1a6ebaf5118e8c9f53da

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          59897a9a3ff7bffc9d106af0a3089f44

          SHA1

          86a0eafef9312f531465edcdc0f6195912b0476f

          SHA256

          b5dc6e9c175bc64e7838fe1bcb327be4d59d2fd77c7ddb62a03738de851fff3a

          SHA512

          575346c5d9cb2208c9c7b839079df7eee48d8ecb14577097baf707b616ddde6808747c254352e90bdfa478b4319214fb177c642be7dd8a69ce858f27fd1bdd63

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          463e835dd725f3088a6f0bd56f02f8ee

          SHA1

          cc7eb671ef664861f92ad764b652640123be6550

          SHA256

          abb2b0219800366a79a71102c9804dad8a5cd70ad7d37022d8aebfa8b77d762a

          SHA512

          41aa054f9b5527ad11adab1077d0a26ed389c7117530d98928d5216c23168e2cd8415b60d13d1bd8a6cd2c8ee20486a6181bf5843a25dfdf0e85e43d2d0fef72

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e1e1dbda110844a4e9f97a778958ec33

          SHA1

          2f40b7caf641de419513700b7a1a77d537ffc269

          SHA256

          f4996f982f3dcdc94628b1fc0aa20a504525a33eaa9d85bdc037d38f4665723d

          SHA512

          0bc5f639441e4af3c40b20fa2bb5363c5dfb4e47ad3c37f2753ceda3708d13b62936106e6bcff00858fa4dee823723d30af2fd491c050b4ba25e66af14be038f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fe36d9a6ee60eae30a44c9c331b6b3f4

          SHA1

          5ad4e87f86476ef5fae775bc869798b1a956dc7c

          SHA256

          5220217c46d3a847abcbc8e57fae1b36835ad239bb29da81db626cc4bd3081ad

          SHA512

          d7e27fc8314b1124443e1a5fba2b5a2a00966ddeb4918e8b588b1fefd5dd5897a0318c9c9c254ae1d7147fbe19e8c562ae7906346e339976d0f060a5dfb0588a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          99012916b236679aef9e7cef5ce094b6

          SHA1

          eb95807d2d8c6fe166b9cdebb5dc96aa7d9ccaef

          SHA256

          01d6a097b5ff38b80eb5d6f2a7fad9b4b66e5432fe678d4b239f29966cad9f7f

          SHA512

          717a64d357054fbd7d92fe23f0dc5eb11989e586a70567719b81333d946b57592fcee8f714ba775f63504a7a590468d273953f85d29c49069c85836623a85dd2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9411191e7c14f285c5da97d1a845a61d

          SHA1

          9bc344e40fda060f143125f88eb0d1b3ade6f9e3

          SHA256

          1b9e4fc8615fcc9cc4af0963052eeeac1ef3362f942aecf7908e7dcfd520b0a5

          SHA512

          0346535c3f54cce8be5b4122f3e9ac96d5ab03db0640f6153a89c0bc24c94016a1a5d3ef9eeb49d32b76d015cec26e20d5cf845b2a2db32e79dc59c5a250a620

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          83eb54bf87382cb710a3d3a5343af4eb

          SHA1

          6e52ad1df0e69b74d122b9e3804addaa3a01e4f8

          SHA256

          f4bf586d75ba80d9b520732a46953e78dd56d0a3af47c6af8d6ca9402970f470

          SHA512

          cd52742a71f21dbe3f5cfe9377d8b145846d04d5a15728592ed0bd900cbcf378189b7929ee90068ad62a21772728c992e9f242d2f716504df3f38ae2aeb7d167

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          84c4e3a9559ed91b85c92b508f253f49

          SHA1

          3674602ea791c44557766e3e8db150a16c649dec

          SHA256

          c5b98225c6e07b32167038bd0d7ed60540ef6e3ee02a0894a8d789775b6e5960

          SHA512

          0a6c73be83e5c49498e83ab735e2f02fbd0291f80acc833c88c69f48217934947d090920b3b69394aab133eaef0a339e32a3b30e1b8bafa178e4b943c3ee49b7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa04af6637a81f2fb524ec8bac67693b

          SHA1

          aa4c1e1c54738c95db1d6a74a3470657fb394a03

          SHA256

          25e717e164384c02405585fcc4cc0648ffdbe353f67da69b3c558db4480d9e3d

          SHA512

          3df9f0618221f62892cc46d5353de01e799974c7f81c5747a25bfbc0130269b0664591b34bf9ce8cf5b17fc6f60647336fca76140a5e0581c0634185115bb046

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c74a58e82d9ff4648f746f7f3733dbfb

          SHA1

          285dac176504f75b243ae86d51696bc53ef392ab

          SHA256

          0abd1121339d60d13271eba6dadbdc4cfeaa1f9ae9b45fe47339e829393d9392

          SHA512

          b02d6d7c80f40f26eec1bdde586f4200069b03a75bca94a540a159f653cccb217db8d4eea2b13015c7dc6941843c6d736012f72e9b692067c768791960406b40

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          abe0e3117b5627613d524839a0639434

          SHA1

          87c6a5f7cd217addb0599d15a0e4ee823342a964

          SHA256

          1d87294c8cb0b812594a982106f4007aeccd7d5265272bd25cda605bc1b05d37

          SHA512

          7dbf0e276926d0538048e18387cc081e3903e5a36a24fae442a6bfab63a8f508b7a1fa52adaa15678b7e632c36bd693d37c02291a724340fe8c230f3966d88c8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ca7b352441d03d28d1dd9346ebffc1be

          SHA1

          6cda10f0518445d820b14b288ca6047dafbe90a1

          SHA256

          7e6c8ef6bf23a4168b8dc658d95edeb9d2cf2732d2568e9373925c47af252dd1

          SHA512

          d09036d9daef7257a8b52aa65b8f80abd6a78dd4fa2f8e6615cad5f414b097ed52e328f68e331782391de980df44c87fb138a022ebc29b9d2965fbe3828c1913

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ffffdd6d405f4db4d4eb60a47aaeb3cd

          SHA1

          e9f49c892f67e6b58b7aea9ce5789d68fba9b117

          SHA256

          636610b84bbec2aa2c60ad9de7c8aeeebbfbee7485f3cb83870843a622464a90

          SHA512

          4b86cdf6fdf35eac251e624bc2a40dd6a0fc32b0302b62498ee6f5f44f9689727d86dec82c2d2209a22531709433400f36181c3eb0011703159b7e96f4b75632

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7b748adb470c2f99aaa794344700eda9

          SHA1

          e98e99955bd2c5f1c405819ddc603e477148d159

          SHA256

          f4c590efd8da2fc7c33a8a6fd3e05a6e839b05cad30ed181be5fb6a69542e46b

          SHA512

          b90afe52dd689d39742b1c192e26d749c1f71c4b80c14a8080e7cb7ee6ab544f838c60c1178c1315c6fbb5aa7a74558fce22e6a6fb14745feddbf6653d314863

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5833fb64386cf086384c44869626e098

          SHA1

          54f906a26ba767cbb764c038af262276aa882102

          SHA256

          5c49e51b9ffa96811d0badea43cd6c0c07f046cb59eabd26821a8a89c40f4e28

          SHA512

          886f8487b883d53b47ef2a9ded12fdd1f526ede3c2493b1c668d95f5f412c979b683b630155d54d13accd9a4a3f7a4f6091bf43b06341ceb3dbf1e3bae4a8cef

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NFKLM2WY\www.google[1].xml
          Filesize

          98B

          MD5

          3f8880bb34a5ddad7a6058818f243292

          SHA1

          bead95864c63139c8e4d845b0a4fb7edd2fb377f

          SHA256

          38799b54162ea4910836f2d6bd4b38314a35c6ccfc209ae7e374b5615fa7b518

          SHA512

          118f428a4c2ced90e18d25e50c1359d95f985a175b9eff1b48ffc6319b0fd0a1af6f1a45156d3514ea56123aa8c1383e53cb6f4085ed0892b52b530ce2694771

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p6d9oj1\imagestore.dat
          Filesize

          5KB

          MD5

          5b66cecd90e5d3e5671cb4488b7124fc

          SHA1

          7215d7677b026e4e0f3386407e10362ae893b0d8

          SHA256

          dbc47961da2a76f43a4c43c3f8f10958b24f11bee0bfe7c97b2b3c816b4855e3

          SHA512

          c074eb7c352a51880888e1c08a4ab735d50caa280059a6cfb4e98c31ed7f3d2906bec705a669962da5b30b3e75e5dd7e6e7bb8330385c69854345133d37117ac

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ7VMQEC\favicon[1].ico
          Filesize

          5KB

          MD5

          f3418a443e7d841097c714d69ec4bcb8

          SHA1

          49263695f6b0cdd72f45cf1b775e660fdc36c606

          SHA256

          6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

          SHA512

          82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\styles__ltr[1].css
          Filesize

          55KB

          MD5

          4adccf70587477c74e2fcd636e4ec895

          SHA1

          af63034901c98e2d93faa7737f9c8f52e302d88b

          SHA256

          0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

          SHA512

          d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK27LCMU\recaptcha__en[1].js
          Filesize

          533KB

          MD5

          93e3f7248853ea26232278a54613f93c

          SHA1

          16100c397972a415bfcfce1a470acad68c173375

          SHA256

          0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

          SHA512

          26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3362.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar3363.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\(Ã}Ä]â)[¬D‘‚Ä„Ã{¤msg.vbs
          Filesize

          56B

          MD5

          0bec28064c3b8810360c0b668e191e9f

          SHA1

          6ab93add9eea32bce33c2e21675865a469b64188

          SHA256

          c4fcdc8575506020d7cdb8ffb0aa4dfd5d0564530acedba5ba8fef1ddccc2267

          SHA512

          ff8a24b8d4daf300b7819148a7935a293cd3e3668aa13da723366d0f120603f547edf346593556db08a1463975ec3d7418be4c3dd0545d52a9f1d8ef06c20abc

          Download Submit

        • C:\Users\Admin\AppData\Roaming\D(‚Ã}]„¬)âÃĤ‘Ä[{msg.vbs
          Filesize

          56B

          MD5

          b020de895d7a48c18aab000f736135ee

          SHA1

          1a26efd2b433e92b8c738d58c7c885948debc54c

          SHA256

          41714d5097c13691ad5e9419afa31ba0f05b657b674bcd7a644f480932044625

          SHA512

          6b4794b1662bcafa5d41e67d56235906d9c939288c9853c6e882ee0cc7352d9efb6e356bd0f2402a373fc4bf2bf4834b0c106b51a339acd74cdaad0fca835859

          Download Submit

        • C:\Users\Admin\AppData\Roaming\‚¬Ä(‘)[â{¤Ã„ÄDÃ}]msg.vbs
          Filesize

          56B

          MD5

          9aba0ee28ba7513c5a36bc80e6770809

          SHA1

          d0b1e759ccf36e3f74f43e9573337576a1c48ab9

          SHA256

          0624ce3de49d2cb4df56521ba397e0b1b6f7a4f1b74a8ec514b60876abb9df28

          SHA512

          7508776d9308f9c6f07e0c4403dc7c1910981a94f419e87fb9a36270fd2b9c9fd12b5fc83d693dfcaf36d69cad1984d97878d2a9936611e60b5f5945d6644445

          Download Submit