Extracted

Extracted

• • Target

    #U6ce8#U6587#U4ed5#U69d8#U66f8.vbs

  • Size

    562KB

  • MD5

    29234d373b3118d99da44ae211f227a5

  • SHA1

    f084f4248be8e1e13e4c6ddf5388e7eafc4a6b4a

  • SHA256

    bbe996677004e41892ef43be26231157cda3f364730f1af522dbdca9816e03a3

  • SHA512

    d434084bf1b635b527ac6b715a8a22202387699a522c759265f6e7f01e369cefeec62c87b582a2ad29711c7524af15c5d66b45cd038732cad44df3ab3e97c1f7

  • SSDEEP

    1536:kmmmmmmmmmmmmmmmmmmyFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFl:pP

  Score

  10^/10

  executiondefense_evasion

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2