General
Target: run.vbs
Size: 3KB
Sample: 240815-1xt63s1hpm
MD5: 79fe68e50f2d014440bb6b7859720877
SHA1: 5532a3680caa3327b2cbe04d5c4a0a4036ccffec
SHA256: be3b880f963273b3669f0a46d504965736bfdda77bca8821afc605563a965d1b
SHA512: 85f4de149962425e2976fe717c62671383120daf6284e7fc437b766eb79a8f24dd52cde7edfe816ceea4129dcd8a086a5bb39e736e454058c0133189bc13c192

Static task: static1
Behavioral task: behavioral1 (Sample: run.wsf, Resource: win10v2004-20240802-en)
Behavioral task: behavioral2 (Sample: run.wsf, Resource: win11-20240802-en)
Malware Config
Targets
-
-
Target
run.vbs
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies file permissions
-
Modifies system executable filetype association
-