Malware Analysis Report

2024-11-16 15:45

Sample ID 241109-alx6gstamn
Target xyz.vbs
SHA256 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138
Tags discovery
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138

Threat Level: Likely malicious

The file xyz.vbs was found to be: Likely malicious.

Malicious Activity Summary

discovery

Blocklisted process makes network request

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 00:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 00:18

Reported

2024-11-09 00:55

Platform

win11-20241007-en

Max time kernel

600s

Max time network

434s

Command Line

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\xyz.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

Signatures

Blocklisted process makes network request

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A

Processes

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\xyz.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | support.google.com | udp
GB | 172.217.169.14:443 | support.google.com | tcp
GB | 142.250.187.227:80 | o.pki.goog | tcp
GB | 142.250.187.227:80 | o.pki.goog | tcp
GB | 142.250.187.227:80 | o.pki.goog | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp

Files

N/A