6eec9a6b40d0c5544d0525db2247d88f780751a5af6ca929bb6757e8ca28f25c | Triage

Submit
Reports

Overview

overview

8

Static

static

1

run.vbs

windows7-x64

8

run.vbs

windows10-2004-x64

8

Sharing

General

Target

run.vbs
Size

272B
Sample

240703-kqej2syhjm
MD5

46c5d7837d0f3b90e0844cd3a236b31b
SHA1

ddd1c7011dc3d966ba75ede6bc1956d20f787ebd
SHA256

6eec9a6b40d0c5544d0525db2247d88f780751a5af6ca929bb6757e8ca28f25c
SHA512

f89be3de8d250e7a4626d0a55b82ff2e11e78e29f31746e04b67f8e7a073862d4febfab0771367d7c058b9726d078b9987faa890b8aec50e5b019f5ad71ad638

Score

8^/10

discovery exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

run.vbs

Resource

win7-20240508-en

discovery exploit persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

run.vbs

Resource

win10v2004-20240611-en

discovery exploit persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  run.vbs
- Size
  
  272B
- MD5
  
  46c5d7837d0f3b90e0844cd3a236b31b
- SHA1
  
  ddd1c7011dc3d966ba75ede6bc1956d20f787ebd
- SHA256
  
  6eec9a6b40d0c5544d0525db2247d88f780751a5af6ca929bb6757e8ca28f25c
- SHA512
  
  f89be3de8d250e7a4626d0a55b82ff2e11e78e29f31746e04b67f8e7a073862d4febfab0771367d7c058b9726d078b9987faa890b8aec50e5b019f5ad71ad638
Score

8^/10

discovery exploit persistence
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Possible privilege escalation attempt
  exploit
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Print Processors

Privilege Escalation

Boot or Logon Autostart Execution

Print Processors

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2

discoveryexploitpersistence

© 2018-2024

Terms | Privacy