e306c4231b9dadf2a7a331a2b116c4be2e37d0f5bf81058af1ce817b27b85ab7 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

script.vbs

windows7-x64

9

script.vbs

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

script.vbs
Size

3KB
Sample

240726-rkca3awerb
MD5

b4a4d52b1434de5f395855770d57964d
SHA1

dea23f14fbb3b6e72faa43c44101478051381c29
SHA256

e306c4231b9dadf2a7a331a2b116c4be2e37d0f5bf81058af1ce817b27b85ab7
SHA512

fddd4c9a3727ff894446d9a7178ebededd7570b9cc2f724019e8ae733c4cf27fb0bf17e3c361b14eabaa60e0fa96d4271db7d89a84ad6b75f8b8a8bf1d915aaf

Score

9^/10

discovery evasion exploit ransomware

Static task

static1

Behavioral task

behavioral1

Sample

script.vbs

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

script.vbs

Resource

win10v2004-20240709-en

discovery evasion exploit ransomware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  script.vbs
- Size
  
  3KB
- MD5
  
  b4a4d52b1434de5f395855770d57964d
- SHA1
  
  dea23f14fbb3b6e72faa43c44101478051381c29
- SHA256
  
  e306c4231b9dadf2a7a331a2b116c4be2e37d0f5bf81058af1ce817b27b85ab7
- SHA512
  
  fddd4c9a3727ff894446d9a7178ebededd7570b9cc2f724019e8ae733c4cf27fb0bf17e3c361b14eabaa60e0fa96d4271db7d89a84ad6b75f8b8a8bf1d915aaf
Score

9^/10

ransomware discovery evasion exploit
- Renames multiple (134) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionexploitransomware

© 2018-2025

Terms | Privacy