Analysis
max time kernel: 134s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2024, 09:17
Static task: static1
Behavioral task: behavioral1
  Sample: Accelya NDC SPRK Platform.vbs
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: Accelya NDC SPRK Platform.vbs
  Resource: win10v2004-20240802-en
General
Target: Accelya NDC SPRK Platform.vbs
Size: 2.2MB
MD5: 1fb5432583a1e8c36b9cec2020fff30b
SHA1: 02262b1241e01214530773f37cea0d91492fcc88
SHA256: 4a929263e46f217558b7085c3b62527408a58dbfa94f53405eb10c2546bf93dd
SHA512: afb373f2fdecb1e0c0144b01db229dad910d8af63391b4061fac4fe5e152cc9941b5a74377103546c7f0c186112556f547064b607ba297b3a3b684243c4bea72
SSDEEP: 24576:zvvVTbDQjG+xjhxmG88vshdnSxmKrmJhMTu9i9CbkmvV6wImsUoS+oVYtZVLwg2S:zvJunstR6wIB2WtLaDP5O
Malware Config
Signatures
Process spawned unexpected child process (1 IoCs)
This typically indicates the parent process was compromised via an exploit or macro.
  description: Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process
  pid: 4684
  pid_target: 3632
  Process: cmd.exe
  procid_target: 84
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Processes
C:\Windows\System32\WScript.exe
  Command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Accelya NDC SPRK Platform.vbs"
  PID: 4036
C:\Windows\system32\cmd.exe
  Command line: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\Admin\AppData\Local\Temp\Accelya NDC SPRK Platform.vbs.exe" /Y
  Signature: Process spawned unexpected child process
  PID: 4684
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 423KB
MD5: c32ca4acfcc635ec1ea6ed8a34df5fac
SHA1: f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919
SHA256: 73a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70
SHA512: 6e43dca1b92faace0c910cbf9308cf082a38dd39da32375fad72d6517dea93e944b5e5464cf3c69a61eabf47b2a3e5aa014d6f24efa1a379d4c81c32fa39ddbc