General
Target: script.vbs
Size: 1012B
Sample: 241001-vfn1vatgpe
MD5: 5cc8785cf3be739d25c71218c74a8195
SHA1: 314adada442d0b49d4af631032ed5b763cbe51c9
SHA256: 18959bdc6ccba9e863eb842c4c4852786c6f998615955fc6981e26690fbaf7ea
SHA512: fb571e84186a415636d2d156acafb1af2bac7601328beb9ebf20f49cd3788f017a5daa71dfdb899bad89e930c99a67bf7a5f81c65d1b0ce122a7ba6ec70143ab

Static task: static1

Behavioral task: behavioral1
  Sample: script.vbs
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample: script.vbs
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: script.vbs (1012B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Renames multiple (9610) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Modifies file permissions
- Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)