General
Target: script.vbs
Size: 893B
Sample: 241001-t983fazdnk
MD5: ec33cef3e775d7c6bec9f237c4fe9ea7
SHA1: cab989771371d11b0f9ab09d23060e3220a6fb3b
SHA256: ccd1df53fc4e3feeec5b55c4e7a2eb42d3fcaa47de94be1d07fd778c7c5dae91
SHA512: 2b78042d8583680b4f94c59191a3114fae0014231de80c29d140ed1a74fc9e6ad2e41344f19cfc67d538faf5099483831aa5f547bffdb22dff2a16f2cb73a9a5
Static task: static1
Behavioral task: behavioral1 (sample: script.vbs, resource: win7-20240903-en)
Behavioral task: behavioral2 (sample: script.vbs, resource: win10v2004-20240802-en)
Malware Config
Targets
Target: script.vbs
- Renames multiple (787) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Credentials from Password Stores: Windows Credential Manager: suspicious access to Credentials History.
- Modifies file permissions
- Password Policy Discovery: attempt to access detailed information about the password policy used within an enterprise network.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)