15a06ed5f3fc9efb44cea8c22819b3350ca0a3bf6d81476c5eab5276fa6f1fa9 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

code.vbs

windows7-x64

8

code.vbs

windows10-2004-x64

8

Sharing

General

Target

code.vbs
Size

271B
Sample

240705-nhtwjsxdlr
MD5

e0f806947d5250e613d90a08aabf53dd
SHA1

8aed8a7c0e7cee223a2c1aa926154ade74c23316
SHA256

15a06ed5f3fc9efb44cea8c22819b3350ca0a3bf6d81476c5eab5276fa6f1fa9
SHA512

71af5e2c1afe5085a69a546ff7893df6c284cc85559220d61da7cb2ea7380138081e327ffe3dfc0f56ff9366e5ec0c96ec5b06e8ef3ff9c92b6135159457f44a

Score

8^/10

discovery exploit

Static task

static1

Behavioral task

behavioral1

Sample

code.vbs

Resource

win7-20240419-en

discovery exploit

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

code.vbs

Resource

win10v2004-20240704-en

discovery exploit

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  code.vbs
- Size
  
  271B
- MD5
  
  e0f806947d5250e613d90a08aabf53dd
- SHA1
  
  8aed8a7c0e7cee223a2c1aa926154ade74c23316
- SHA256
  
  15a06ed5f3fc9efb44cea8c22819b3350ca0a3bf6d81476c5eab5276fa6f1fa9
- SHA512
  
  71af5e2c1afe5085a69a546ff7893df6c284cc85559220d61da7cb2ea7380138081e327ffe3dfc0f56ff9366e5ec0c96ec5b06e8ef3ff9c92b6135159457f44a
Score

8^/10

discovery exploit
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexploit

behavioral2

discoveryexploit

© 2018-2024

Terms | Privacy