Analysis
max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 06/11/2024, 01:43
Static task: static1

Behavioral task: behavioral1
Sample: beyonce.vbs
Resource: win7-20240903-en
4 signatures
150 seconds

Behavioral task: behavioral2
Sample: beyonce.vbs
Resource: win10v2004-20241007-en
5 signatures
150 seconds
General
Target: beyonce.vbs
Size: 4KB
MD5: f0851ac478cedcd64a191cd2e349098b
SHA1: 042f1afb5960823743d0fb3823830c8beed0238a
SHA256: 72ad164331447ec764eb7e49e092b87bb32288b7bf8e9482cc273a056b1b33f5
SHA512: d507a9d9e205745e6ebf9bfc96508954d8c93a3c9119cccae3560ba8e052398f6361e87708a2006d094fb4cffc94506ad887806f50b87ea5baad1366656676b9
SSDEEP: 96:i3hIZ1dmCFIQkjtWoGzxlpJRF06/kTAODsPQ6/6T5P56/kTm6/kTU:dZu07ClGzjp66/ksOD8Q6/6Z56/ki6/b
Score: 5/10
Malware Config
Signatures

Sets desktop wallpaper using registry (2 TTPs, 1 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\Wallpaper = "https://i.imgur.com/hqqJrDz.jpg" | WScript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies Control Panel (2 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\WallpaperStyle = "2" | WScript.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop | WScript.exe

Suspicious use of WriteProcessMemory (6 IoCs)
description | pid | Process | procid_target
PID 2124 wrote to memory of 588 | 2124 | WScript.exe | 31
PID 2124 wrote to memory of 588 | 2124 | WScript.exe | 31
PID 2124 wrote to memory of 588 | 2124 | WScript.exe | 31
PID 2124 wrote to memory of 572 | 2124 | WScript.exe | 32
PID 2124 wrote to memory of 572 | 2124 | WScript.exe | 32
PID 2124 wrote to memory of 572 | 2124 | WScript.exe | 32
Processes

C:\Windows\System32\WScript.exe (PID: 2124)
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\beyonce.vbs"
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory

    C:\Windows\System32\rundll32.exe (PID: 588)
    "C:\Windows\System32\rundll32.exe" user32.dll,UpdatePerUserSystemParameters

    C:\Windows\System32\rundll32.exe (PID: 572)
    "C:\Windows\System32\rundll32.exe" user32.dll,UpdatePerUserSystemParameters