d417d2dfa0a7f411828e12e8f87150523846f7e34c5391546f2fc1139e7ec244

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 01:18

Target

827bd11b6c3fd070c8408f761dbe6562_JaffaCakes118.vbs
Size

193KB
MD5

827bd11b6c3fd070c8408f761dbe6562
SHA1

c8772175141655cb067a8cf0089503467391028f
SHA256

d417d2dfa0a7f411828e12e8f87150523846f7e34c5391546f2fc1139e7ec244
SHA512

9b679ed5e53ed6b43c83d7d1f9dee60c95fc723a528f55c8860e6d8d83f8233ef0e2259ddd74190fb8c5b91dadcb7d4613fd5314eb69859b890aafa0b65683ae
SSDEEP

1536:KWI44sPWjR1EbMsea4IfGP6QSxYP8TwgEsE7RIx7EJVxy5x8JvZa8FG5Ugx05rsG:bt4ssrhaTxa8co46MDvZk55B8

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\abds.jpg	WScript.exe
File opened for modification	C:\Windows\System32\abds.jpg	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\827bd11b6c3fd070c8408f761dbe6562_JaffaCakes118.vbs"
1⤵
- Drops file in System32 directory
PID:4164

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact