Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06/09/2024, 19:04

General

  • Target

    run.vbs

  • Size

    147B

  • MD5

    46d2f72df718e4fc538f90030dbf0a31

  • SHA1

    4fa6f991ea8a03ea615f84f48e9d42e34870d728

  • SHA256

    7f51f785136f8124f3955a04cc931c192514ec1b4dabb45eebdc87027e677bb9

  • SHA512

    9d80f7ef7fa30b1c78ca92862a51ab1e3ecfdb915000043bb303b9610c31701ed7e6c2ec1e1e9a46a1ceae94cd969259973023bc5cdf010d22e6bdc023ea0ea6

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\run.vbs"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\note.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\note.txt

    Filesize

    16B

    MD5

    ae6e26c7174d68a02d78ec1e18894308

    SHA1

    3d5be58a90458344401a2960d11cd60006dfdf35

    SHA256

    7b429529190db2ad8b60e258dd88c69ea305d60457bdf9a18b49a7bb872f438f

    SHA512

    acef1d337ce4ac48a7f3facf478bdd1b3df0f646094538bffb09d2705d79137f7e544d19e3b3fc81f3a6a02a37d49c8edc04e5c0e6d278a6634202267285f11d