9a4236eb1c2299636ddaa2da63f2aa9a10dc27f7aadd93fec141f5be199ca9cd | Triage

Submit
Reports

Overview

overview

Static

static

WinRing0x64.sys

windows7-x64

1

WinRing0x64.sys

windows10-2004-x64

1

go.exe

windows7-x64

9

go.exe

windows10-2004-x64

9

mozilla.vbs

windows7-x64

8

mozilla.vbs

windows10-2004-x64

8

mservice.exe

windows7-x64

1

mservice.exe

windows10-2004-x64

1

mservice.vbs

windows7-x64

3

mservice.vbs

windows10-2004-x64

3

ps.exe

windows7-x64

7

ps.exe

windows10-2004-x64

7

sarmat.vbs

windows7-x64

1

sarmat.vbs

windows10-2004-x64

1

Analysis

max time kernel
140s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 15:12

Sharing

Static task

static1

upx miner xmrig

6 signatures

Behavioral task

behavioral1

Sample

WinRing0x64.sys

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

WinRing0x64.sys

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

go.exe

Resource

win7-20241010-en

discovery spyware stealer upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

go.exe

Resource

win10v2004-20250314-en

discovery spyware stealer upx

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

mozilla.vbs

Resource

win7-20240903-en

spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral6

Sample

mozilla.vbs

Resource

win10v2004-20250313-en

spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral7

Sample

mservice.exe

Resource

win7-20250207-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

mservice.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

mservice.vbs

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

mservice.vbs

Resource

win10v2004-20250314-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

ps.exe

Resource

win7-20240903-en

discovery spyware stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral12

Sample

ps.exe

Resource

win10v2004-20250314-en

discovery spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral13

Sample

sarmat.vbs

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

sarmat.vbs

Resource

win10v2004-20250313-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

sarmat.vbs
Size

2KB
MD5

08ad7921ec11078118f3aeb89e177c3f
SHA1

633197ee0570ba80cfe2358bbc483b64d84e838b
SHA256

e66da8042513b237ce1be98a5291c61ade2a8ebdb87b6aeb4eb9e200b38afc53
SHA512

009fe96d10fbcd751c41b7738d7e7c2748df0f0f4c6a206c973e19d93116de5d4906568236ec904b74302d12467126b383f3980e3351dccd6f0232b211abd061

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sarmat.vbs"
1⤵
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy