General
-
Target
script.vbs
-
Size
1019B
-
Sample
241011-s419zazdpb
-
MD5
8ae0e65f9d9144c1488523278ad89cba
-
SHA1
8ae2f0a6df8cd00025722a7d9886987527b7db58
-
SHA256
a87d04d8757e41482bc19cd0ead2948fd7a5f40aac33f1834f5972579578d79a
-
SHA512
59b645105175d23c0be34e02a5f77eddbdf09268caf94f5dae5e9e0d876d3bad46ed035254850973243388c384d8a2fee49e873258d9fe9725b1de1843ae9917
Static task
static1
Behavioral task
behavioral1
Sample
script.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
script.vbs
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
script.vbs
-
Size
1019B
-
MD5
8ae0e65f9d9144c1488523278ad89cba
-
SHA1
8ae2f0a6df8cd00025722a7d9886987527b7db58
-
SHA256
a87d04d8757e41482bc19cd0ead2948fd7a5f40aac33f1834f5972579578d79a
-
SHA512
59b645105175d23c0be34e02a5f77eddbdf09268caf94f5dae5e9e0d876d3bad46ed035254850973243388c384d8a2fee49e873258d9fe9725b1de1843ae9917
Score8/10-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indicator Removal: Clear Windows Event Logs
Clear Windows Event Logs to hide the activity of an intrusion.
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-