General
-
Target
run.vbs
-
Size
272B
-
Sample
240703-kqej2syhjm
-
MD5
46c5d7837d0f3b90e0844cd3a236b31b
-
SHA1
ddd1c7011dc3d966ba75ede6bc1956d20f787ebd
-
SHA256
6eec9a6b40d0c5544d0525db2247d88f780751a5af6ca929bb6757e8ca28f25c
-
SHA512
f89be3de8d250e7a4626d0a55b82ff2e11e78e29f31746e04b67f8e7a073862d4febfab0771367d7c058b9726d078b9987faa890b8aec50e5b019f5ad71ad638
Static task
static1
Behavioral task
behavioral1
Sample
run.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
run.vbs
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
run.vbs
-
Score
8/10
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-