Overview

overview

10

Static

static

3

f684fced30...18.exe

windows7-x64

10

f684fced30...18.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PROGRAMFI...ap.bat

windows7-x64

3

$PROGRAMFI...ap.bat

windows10-2004-x64

3

$PROGRAMFI...ll.bat

windows7-x64

3

$PROGRAMFI...ll.bat

windows10-2004-x64

3

$PROGRAMFI...on.exe

windows7-x64

1

$PROGRAMFI...on.exe

windows10-2004-x64

1

$PROGRAMFI...ll.exe

windows7-x64

3

$PROGRAMFI...ll.exe

windows10-2004-x64

3

$PROGRAMFI...01.sys

windows7-x64

1

$PROGRAMFI...01.sys

windows10-2004-x64

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Setupres.exe

windows7-x64

9

Setupres.exe

windows10-2004-x64

9

ipras.vbs

windows7-x64

8

ipras.vbs

windows10-2004-x64

8

ssleay32.dll

windows7-x64

3

ssleay32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ipras.vbs

  • Size

    126B

  • MD5

    b802ff9244875f69db2fae0f78e92b10

  • SHA1

    49385a89cd575894a29fbda969b99cc1f5cf8076

  • SHA256

    a1b0cb16fb2ecd66fccf156024404801ad694056e8a596326c1b27b57d8eabe8

  • SHA512

    609856415a7ae2b3e260f945f1c8a8d2a28884c202d37181bea948708918f24b42ae03f17dba1520fddc91b2f7a182b0b8f885f33ea6f81bb3ee4c72e4e9350e

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ipras.vbs"
    1⤵
    • Blocklisted process makes network request
    PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads