General
-
Target
script.vbs
-
Size
938B
-
Sample
241001-vb858ateqf
-
MD5
3e9abc13d2f8e273f58f009d14084057
-
SHA1
7abc22693a2a566d00f853ef3cd9073ac975ed7e
-
SHA256
34609ffd4821ae46f4afb1735992bd34a33fd5c7a7b6a9dd9c00226ec8f72b8c
-
SHA512
12d91f87c10365f4bef248d20aab80d66ded11f8b52d65a13819792a6b15ebadbe46ac14a7992f3b68be152a095917f9250655ae4946bff37d5df868e3b912ae
Static task
static1
Behavioral task
behavioral1
Sample
script.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
script.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
script.vbs
-
Renames multiple (10065) files with added filename extension
This suggests ransomware activity: the sample appears to encrypt files across the system.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (2)
Credentials from Web Browsers (1)
Windows Credential Manager (1)
Unsecured Credentials (1)
Credentials In Files (1)
Discovery
Browser Information Discovery (1)
Network Share Discovery (1)
Peripheral Device Discovery (1)
Query Registry (2)
System Information Discovery (3)
System Location Discovery (1)
System Language Discovery (1)
System Network Configuration Discovery (1)
Internet Connection Discovery (1)
System Time Discovery (1)