Overview

overview

9

Static

static

9

f65e79bb74...18.exe

windows7-x64

7

f65e79bb74...18.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

5

$PLUGINSDI...om.dll

windows10-2004-x64

5

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$TEMP/v.vbs

windows7-x64

3

$TEMP/v.vbs

windows10-2004-x64

3

$TEMP/xcmd.exe

windows7-x64

9

$TEMP/xcmd.exe

windows10-2004-x64

9

$_48_/$APP...md.exe

windows7-x64

9

$_48_/$APP...md.exe

windows10-2004-x64

9

$_48_/1.html

windows7-x64

3

$_48_/1.html

windows10-2004-x64

3

$_48_/3.bat

windows7-x64

1

$_48_/3.bat

windows10-2004-x64

1

$_48_/3.vbs

windows7-x64

4

$_48_/3.vbs

windows10-2004-x64

7

$_48_/qq.vbs

windows7-x64

3

$_48_/qq.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_48_/qq.vbs

  • Size

    970B

  • MD5

    0673e7a45f4bdc9049e06bb53632a80e

  • SHA1

    d810656800a1984dd70f2a3a05d1fefdd715e260

  • SHA256

    9e3c211ae37ec943ff467437c4ccbf431cd1d2989b8da216346d5634d5b3373d

  • SHA512

    642b4c38583b28556e519673baec6a7546ef4e74ff2a922f72b034c388aaa34b19cd20baeb4a93a94705463961e6aeea665fe6e8e6db2c0775dcaef8c0fbd0e1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$_48_\qq.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\System32\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files\NetMeeting\ie.html" +R
      2⤵
      • Views/modifies file attributes
      PID:2216
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c echo Y| cacls "C:\Program Files\NetMeeting\ie.html" /P Everyone:R
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3⤵
          PID:2400
        • C:\Windows\system32\cacls.exe
          cacls "C:\Program Files\NetMeeting\ie.html" /P Everyone:R
          3⤵
            PID:2068

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads