Extracted

Extracted

• • Target

    c50d459ee28fb9d7dfaa8067855e984f19828028f56aefe8187dcd622d9c2d09.vbs

  • Size

    689KB

  • MD5

    87f27580d805863d210331653ca944a7

  • SHA1

    d861804f8fa941e95f8f779a295ffb0812ba2d4e

  • SHA256

    c50d459ee28fb9d7dfaa8067855e984f19828028f56aefe8187dcd622d9c2d09

  • SHA512

    eb895266a5774eefbc9ac6b30612a42a0d331fac221875fd9c59a67110880716ba7c7c890eb969f531dcfcff4a2c71cfdcab1c35116ec4d56de8cbf7e1a25d64

  • SSDEEP

    1536:VPPPPPPPPPPPPPPPPPPPPPPPE777777777777777777777777777777777777772:uK

  Score

  10^/10

  execution

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution
  behavioral1behavioral2