General
-
Target
script.vbs
-
Size
927B
-
Sample
241001-vbgqzazekm
-
MD5
f01859341d1818f8a85204582a72416b
-
SHA1
8cbab8682263b91fa5326e946a46443f698fa3aa
-
SHA256
a8be666bcafd2381de467ec2bdecd0d050a9b316f6ac4dd31cbe2b758ff12365
-
SHA512
4d60b148d0df18c5e14c162dcf2eefc31655187b3e2fb0d23f834940178e555638e469cb316054bcaa8872d3286a4114cced5f33bb989cc6a0bf5426049671ed
Static task
static1
Behavioral task
behavioral1
Sample
script.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
script.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
script.vbs
-
Size
927B
-
MD5
f01859341d1818f8a85204582a72416b
-
SHA1
8cbab8682263b91fa5326e946a46443f698fa3aa
-
SHA256
a8be666bcafd2381de467ec2bdecd0d050a9b316f6ac4dd31cbe2b758ff12365
-
SHA512
4d60b148d0df18c5e14c162dcf2eefc31655187b3e2fb0d23f834940178e555638e469cb316054bcaa8872d3286a4114cced5f33bb989cc6a0bf5426049671ed
-
Renames multiple (10028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Modifies file permissions
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1