696f01d0e7c0fcb5a3818b1f2c131ed4b076bc21e3fb932eacf2b3ed92c77667

Analysis

max time kernel
94s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mal.vbs
Size

191KB
MD5

ddd5fea50603668bfe9e1d36d6d65bdb
SHA1

52b7879828e1836ef6a866f435f3766df109c944
SHA256

696f01d0e7c0fcb5a3818b1f2c131ed4b076bc21e3fb932eacf2b3ed92c77667
SHA512

ecffb82bed0463b54ccb7eabb26c3322a76b0522818d6462eedb5a354af40253c64c16f7eec8d4a66bc9a80ace3e9f29bbb0e3c95956983dc8687393893be9ec
SSDEEP

3072:UEJvmz1R5amz/bnPppoVqAbuVf8wLjIO3ObEBMR4EcZWvkziAWF7m1+e:UEBmzL5amzjnP7oVqAb0nLUO3ObEBMRG

Score

7^/10

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process
PID 1856 set thread context of 0	1856	WScript.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82
PID 1856 wrote to memory of 552	1856	WScript.exe	82

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\mal.vbs"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1856-0-0x00007FFCB1363000-0x00007FFCB1365000-memory.dmp

Filesize
8KB

Download
memory/1856-1-0x0000020959A90000-0x0000020959AB2000-memory.dmp

Filesize
136KB

Download
memory/1856-3-0x00007FFCB1360000-0x00007FFCB1E21000-memory.dmp

Filesize
10.8MB

Download
memory/1856-4-0x00007FFCB1360000-0x00007FFCB1E21000-memory.dmp

Filesize
10.8MB

Download