da339343b6578b3dac71c6936cb6ab35b22ad3bc3bee03b82e8a07f7b615834a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xxx.vbs
Size

1KB
MD5

1e8a915679747d307aad101cfe59e04b
SHA1

b11c1d5838b1ed170cf27a5c70fd8034b3a75e9e
SHA256

5eef4b9d49eda768ffce6d5613c115c9087c4000821473e0ca18089c863a1d20
SHA512

609e5b00cfc297fcd2d5132d98046da0065c39c2d806e8f87ce58eb696709aabc2ffda6c3f5ebdf2ec1a8483a562b9887b46ee2806621e7973cae576de255673

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2156	WScript.exe

Drops autorun.inf file 1 TTPs 23 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\MSOCache.exe\Autorun.inf	WScript.exe
File created	C:\PerfLogs.exe\Autorun.inf	WScript.exe
File created	C:\Program Files.exe\Autorun.inf	WScript.exe
File created	C:\Recovery.exe\Autorun.inf	WScript.exe
File created	F:\$RECYCLE.BIN.exe\Autorun.inf	WScript.exe
File opened for modification	C:\MSOCache.exe\Autorun.inf	WScript.exe
File opened for modification	C:\PerfLogs.exe\Autorun.inf	WScript.exe
File created	C:\$Recycle.Bin.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Program Files (x86).exe\Autorun.inf	WScript.exe
File opened for modification	C:\Windows.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Program Files.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Recovery.exe\Autorun.inf	WScript.exe
File opened for modification	C:\System Volume Information.exe\Autorun.inf	WScript.exe
File created	C:\Program Files (x86).exe\Autorun.inf	WScript.exe
File created	C:\ProgramData.exe\Autorun.inf	WScript.exe
File created	C:\Windows.exe\Autorun.inf	WScript.exe
File opened for modification	C:\ProgramData.exe\Autorun.inf	WScript.exe
File created	C:\Documents and Settings.exe\Autorun.inf	WScript.exe
File created	C:\Users.exe\Autorun.inf	WScript.exe
File opened for modification	C:\$Recycle.Bin.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Documents and Settings.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Users.exe\Autorun.inf	WScript.exe
File created	C:\System Volume Information.exe\Autorun.inf	WScript.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\tskill.exe	WScript.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\xxx.vbs"
1⤵
- Deletes itself
- Drops autorun.inf file
- Drops file in System32 directory
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files.exe\Autorun.inf

Filesize
29B

MD5
7afeb1e32761c36a8b84b9eac7250254

SHA1
80387155baa45a7232f33bc4b8320fa54949f340

SHA256
b5ee2e4c64401b030f662651eef7ad35f2e5553e73532afdd2c497e4e94197e1

SHA512
5bb416d9b4af6bfc54d87de30e8ce21001c00bc4026db6eaa20e6e21613bd854eebbe34bff0ae4562c0d99332507c7f4762abe082d75a71094ed9a01d8093126

Download Submit
C:\Program Files.exe\fun.xls.exe

Filesize
23KB

MD5
8dd050afac250837df42514def72b2e2

SHA1
32b63dfe517d5c871c9516ec3e20d7de6c85f813

SHA256
db234fbe892ff24cb318467925c8c0b267b19e3e58e84392c833f301c9904621

SHA512
99818e609c41025a63d2b8d1f23ad013c3e08bc4f81b6da407adc553b407e5f82a0a51c892c571db9194ef145ee403852ac000b2aa82135d57dc590d2cda42ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads