585579c2296b699417e664002e5f47bca19cb719ee00f3236618a517765fbce3

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 01:46

Target

b5e158a7ab9d97514b921adb7cebe98e_JaffaCakes118.vbs
Size

169B
MD5

b5e158a7ab9d97514b921adb7cebe98e
SHA1

060f498d70c5b6e41894a5674eaadb717691b8c8
SHA256

585579c2296b699417e664002e5f47bca19cb719ee00f3236618a517765fbce3
SHA512

d89ba479e2fdf738f3bbd1499dce0dc05e75f4b0c14e2cc8cceeaf5ee556643ddfb124b3944ea4b8b1b2eed89038cd1d1e65dc58005a1cdd2ec0df24b6a1e049

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2308	2816	WScript.exe	30
PID 2816 wrote to memory of 2308	2816	WScript.exe	30
PID 2816 wrote to memory of 2308	2816	WScript.exe	30

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\b5e158a7ab9d97514b921adb7cebe98e_JaffaCakes118.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C start iexplore.exe http://9281.net/?ie
  2⤵
  PID:2308

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact