General
-
Target
target.vbs
-
Size
951B
-
Sample
241001-vc161atflb
-
MD5
d79d61d67efbf4b83d7140d0a56fb249
-
SHA1
d2d3f5c4d0e1bc0bb64b9e40498f0782e3db2eff
-
SHA256
2236b1b6fb85a674e325b03addf75ad4af2295b880b766347cac0fdcc87932be
-
SHA512
2d412546640532eb6230098db36e662991df6f387c2d1ac9996f1d10f392ea432067d24989d02ee58b755e1bb3902966deba76d9b9d8e7b2d061a090e8b7dda3
Static task
static1
Behavioral task
behavioral1
Sample
target.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
target.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
target.vbs
-
Renames multiple (10340) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Modifies file permissions
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (2)
Credentials from Web Browsers (1)
Windows Credential Manager (1)
Unsecured Credentials (1)
Credentials In Files (1)