0d7dc074be83f1096f39ba95bfc4e1a17c411dbed0e5eeeb48e88a12d79b541c | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7
submitted
07/07/2020, 18:18

Sharing

Report Analysis Logs

General

Target

media.js
Size

11KB
MD5

2b33321ead1744461759d9c092b3c7d4
SHA1

00f9f9aa1c82a76619489d8930e6edaf1da0a9a4
SHA256

0d7dc074be83f1096f39ba95bfc4e1a17c411dbed0e5eeeb48e88a12d79b541c
SHA512

e5fcf2d8124f168623389d2107cd806abcc8cb8b2c6d7ebce0167f01f086fda53e1c6d68a5dab9fb207e709a7ba9b7f975ca60a793bc8521c037c60aacaa60cd

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1492	wscript.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 788	1492	wscript.exe	24
PID 1492 wrote to memory of 788	1492	wscript.exe	24
PID 1492 wrote to memory of 788	1492	wscript.exe	24

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\media.js
1⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\System32\cscript.exe
  "C:\Windows\System32\cscript.exe" "C:\Users\Admin\AppData\Local\Microsoft\Credentials\MediaPlayer\VideoManager\media.js"
  2⤵
  PID:788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/788-3-0x00000000025C0000-0x00000000025C4000-memory.dmp

Filesize
16KB

Download
memory/1492-1-0x0000000002380000-0x0000000002384000-memory.dmp

Filesize
16KB

Download