General
Target: code.vbs
Size: 932B
Sample: 241002-chkr4a1hmq
MD5: b935eb34f52288a044156ae83bad70bc
SHA1: 692b3649427cbab62b40fb17282201e1dd7bf432
SHA256: bca0be7848164b3ff7f863edd22fc5ee9f0a0841e2410bf9d735737436cf0e85
SHA512: 0c88abb5f9192d77a80c3e3544c499fe3895ca924f4d89bf0970a0136adfcac1e0afd6a9734fafcc1824c2139f638b82d49065fcb1551d9adb20d7bda861b066
Static task: static1
Behavioral task: behavioral1
Sample: code.vbs
Resource: win7-20240708-en
Malware Config
Targets
Target: code.vbs
Size: 932B
- Renames multiple (174) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Possible privilege escalation attempt
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Modifies file permissions
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)