General
-
Target
file.vbs
-
Size
1012B
-
Sample
241001-vdsw1szfjr
-
MD5
f6bea0736a729346a2536a55cb2b7bb0
-
SHA1
69e72cbb025c5b41a9fd3159c3999d924e30b3d6
-
SHA256
2973c7f6a3fb1b01c55d1581837cb5f19e3427950f406a35fe32bf944a45e314
-
SHA512
91804e4f3ac28e5be2b6b12c43e906611522a14bb1e4a042e396184e22afb316ba631ff9212456872185b6f3b716fe10d5106846774a4db4ee800ab10e6f1e5d
Static task
static1
Behavioral task
behavioral1
Sample
file.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
file.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
file.vbs
Score
9/10
-
Renames multiple (7920) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-