General
Target: trigger.vbs
Size: 2KB
Sample: 240815-1mn73s1cnk
MD5: 9bb9f585f3bf5350429098d6afa62bbb
SHA1: 681dfa1ddebdd1e6918bf3c7c954b53320950e3f
SHA256: ca58403c597e504a8b9100c7bffaf2b42f2be21a925eb5dc3f93bb7638d6e15e
SHA512: ece0f5bd08de3990bdc1b778cb70e992bb6aefc343e69705a293d49874ec52ee7a4541c687b40b9424b0c4562eda18237762f48bbd55d4b0956c164189422101
Static task: static1
Behavioral task: behavioral1
Sample: trigger.wsf
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: trigger.wsf
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: trigger.vbs
Possible privilege escalation attempt

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Modifies file permissions

Modifies system executable filetype association