Analysis

  • max time kernel
    99s
  • max time network
    141s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    06/11/2024, 01:33

General

  • Target

    beyonce.vbs

  • Size

    4KB

  • MD5

    32266bde0618e4ad40ead7106186dfe2

  • SHA1

    afba2df4d46861c5853d06fbcb16c50f2d974cc6

  • SHA256

    c1704a350997740dc308167a2a639137daa4a817b8c9b6336993ca0bb50bb77e

  • SHA512

    1756b06fd8b376bb9f337b504f3473a2b890c4c299301f01377b9edfa53fbc2149ba15b0690f97b204b04feba780986ac86ec83f45fe5072c60306f3f6894d9e

  • SSDEEP

    96:i3hIZ1dmCFIQkjtWoGzxlpJRF0Lw/aODsPQLw/LP5Lw/ELw/J:dZu07ClGzjp6Lw/aOD8QLw/L5Lw/ELwR

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\beyonce.vbs"
    • Checks computer location settings
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" user32.dll,UpdatePerUserSystemParameters
        PID:2304
      • C:\Windows\System32\rundll32.exe
        "C:\Windows\System32\rundll32.exe" user32.dll,UpdatePerUserSystemParameters
          PID:4108

      Network

            MITRE ATT&CK Enterprise v15
