da339343b6578b3dac71c6936cb6ab35b22ad3bc3bee03b82e8a07f7b615834a

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xxx.vbs
Size

1KB
MD5

1e8a915679747d307aad101cfe59e04b
SHA1

b11c1d5838b1ed170cf27a5c70fd8034b3a75e9e
SHA256

5eef4b9d49eda768ffce6d5613c115c9087c4000821473e0ca18089c863a1d20
SHA512

609e5b00cfc297fcd2d5132d98046da0065c39c2d806e8f87ce58eb696709aabc2ffda6c3f5ebdf2ec1a8483a562b9887b46ee2806621e7973cae576de255673

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2552	WScript.exe

Drops autorun.inf file 1 TTPs 22 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	C:\Program Files (x86).exe\Autorun.inf	WScript.exe
File opened for modification	C:\ProgramData.exe\Autorun.inf	WScript.exe
File created	C:\PerfLogs.exe\Autorun.inf	WScript.exe
File created	C:\Program Files.exe\Autorun.inf	WScript.exe
File created	C:\Users.exe\Autorun.inf	WScript.exe
File created	F:\$RECYCLE.BIN.exe\Autorun.inf	WScript.exe
File opened for modification	C:\$Recycle.Bin.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Program Files.exe\Autorun.inf	WScript.exe
File created	C:\$Recycle.Bin.exe\Autorun.inf	WScript.exe
File created	C:\Windows.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Documents and Settings.exe\Autorun.inf	WScript.exe
File opened for modification	C:\PerfLogs.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Recovery.exe\Autorun.inf	WScript.exe
File created	C:\ProgramData.exe\Autorun.inf	WScript.exe
File created	C:\Recovery.exe\Autorun.inf	WScript.exe
File created	C:\System Volume Information.exe\Autorun.inf	WScript.exe
File created	F:\System Volume Information\Autorun.inf	WScript.exe
File opened for modification	C:\Users.exe\Autorun.inf	WScript.exe
File opened for modification	C:\Windows.exe\Autorun.inf	WScript.exe
File created	C:\Documents and Settings.exe\Autorun.inf	WScript.exe
File created	C:\Program Files (x86).exe\Autorun.inf	WScript.exe
File opened for modification	C:\System Volume Information.exe\Autorun.inf	WScript.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\tskill.exe	WScript.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\xxx.vbs"
1⤵
- Deletes itself
- Drops autorun.inf file
- Drops file in System32 directory
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86).exe\Autorun.inf

Filesize
29B

MD5
7afeb1e32761c36a8b84b9eac7250254

SHA1
80387155baa45a7232f33bc4b8320fa54949f340

SHA256
b5ee2e4c64401b030f662651eef7ad35f2e5553e73532afdd2c497e4e94197e1

SHA512
5bb416d9b4af6bfc54d87de30e8ce21001c00bc4026db6eaa20e6e21613bd854eebbe34bff0ae4562c0d99332507c7f4762abe082d75a71094ed9a01d8093126

Download Submit
C:\Program Files (x86).exe\fun.xls.exe

Filesize
24KB

MD5
2393d4f762fb671d92a59388109c24d4

SHA1
2e27346b7cff97619923c3e3199e68e7b91d142b

SHA256
8d9373ebd69f42153b0b47dbda2174811599db91630651ca01627ac1795f8d56

SHA512
9eaa9cd2813f8864244547fbc81ba6759f63e32f73ed2394dfa311ff60a9727e47dbdcf42d1aafb5e6c5a40a43a83ae32f5fa443083319f5b6b1e73457c59758

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads