General
- Target: file.vbs
- Size: 998B
- Sample: 241001-vgfe4azgmk
- MD5: 7a8d1f9e5e485683c25f1a8170538d8f
- SHA1: 5623bb9d6d7f11f67d817e07c5ac75d3e14d03e9
- SHA256: 39c8ccd2419b202937765877092462839cbfd3d7193faaac9d463c0d8924e5ad
- SHA512: 5b96db20eeec22dbe6d5073fd79b6111f5635a45e2ff97776777156e41c99730f8efa11f6241bd1175658309343b354b5f66ab6a9f9d48df3ef3fc8cf3cb4a14
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: file.vbs; Resource: win7-20240729-en)
- Behavioral task: behavioral2 (Sample: file.vbs; Resource: win10v2004-20240802-en)
Malware Config
Targets
- Target: file.vbs (998B; same MD5/SHA1/SHA256/SHA512 as listed under General above)
Signatures
- Renames multiple (9605) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Credentials from Password Stores: Windows Credential Manager: suspicious access to Credentials History.
- Modifies file permissions
- Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 2
- Credentials from Web Browsers: 1
- Windows Credential Manager: 1
- Unsecured Credentials: 1
- Credentials In Files: 1
Discovery
- Browser Information Discovery: 1
- Network Share Discovery: 1
- Query Registry: 1
- System Information Discovery: 2
- System Location Discovery: 1
- System Language Discovery: 1
- System Network Configuration Discovery: 1
- Internet Connection Discovery: 1
- System Time Discovery: 1