General
Target: code.vbs
Size: 932B
Sample: 241001-vjddhsthrh
MD5: b935eb34f52288a044156ae83bad70bc
SHA1: 692b3649427cbab62b40fb17282201e1dd7bf432
SHA256: bca0be7848164b3ff7f863edd22fc5ee9f0a0841e2410bf9d735737436cf0e85
SHA512: 0c88abb5f9192d77a80c3e3544c499fe3895ca924f4d89bf0970a0136adfcac1e0afd6a9734fafcc1824c2139f638b82d49065fcb1551d9adb20d7bda861b066
Static task: static1
Behavioral task: behavioral1
Sample: code.vbs
Resource: win7-20240903-en
Malware Config
-
Targets
-
Target: code.vbs (size and hashes as listed under General)
- Renames multiple (169) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Possible privilege escalation attempt
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15 (tactic, technique: count)
Credential Access
- Credentials from Password Stores: 2
  - Credentials from Web Browsers: 1
  - Windows Credential Manager: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1
Discovery
- Browser Information Discovery: 1
- Network Share Discovery: 1
- Peripheral Device Discovery: 1
- Query Registry: 2
- System Information Discovery: 3
- System Location Discovery: 1
  - System Language Discovery: 1
- System Network Configuration Discovery: 1
  - Internet Connection Discovery: 1
- System Time Discovery: 1