General
-
Target
script.vbs
-
Size
3KB
-
Sample
240815-1n9kea1dll
-
MD5
a0ef188a2faaef335d2265ea48c117fe
-
SHA1
7a285bed61409e29b4a0563adc5d8863cf150b33
-
SHA256
20138edb83cd75498cee9cd693504d2134ccd7002c466c5ee84dec16ec23a337
-
SHA512
ff0ba26e65fe730ea57e1405fb9c87b67833bbdb2dd71b74e2c6f5d719460174d31e275c11e6d21102370505761bde337b1b3c7c64106539422539a7168739a4
Static task
static1
Behavioral task
behavioral1
Sample
script.wsf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
script.wsf
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
script.vbs
-
Size
3KB
-
MD5
a0ef188a2faaef335d2265ea48c117fe
-
SHA1
7a285bed61409e29b4a0563adc5d8863cf150b33
-
SHA256
20138edb83cd75498cee9cd693504d2134ccd7002c466c5ee84dec16ec23a337
-
SHA512
ff0ba26e65fe730ea57e1405fb9c87b67833bbdb2dd71b74e2c6f5d719460174d31e275c11e6d21102370505761bde337b1b3c7c64106539422539a7168739a4
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies file permissions
-
Modifies system executable filetype association
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3Change Default File Association
1Component Object Model Hijacking
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3Change Default File Association
1Component Object Model Hijacking
1Netsh Helper DLL
1