Analysis
-
max time kernel
298s -
max time network
317s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-11-2020 06:28
Errors
Reason
Machine shutdown
General
-
Target
ch/retreaver.js
-
Size
15KB
-
MD5
68ec33788ed08f7c0fdd73cbd52c2050
-
SHA1
8e05b9eb9954164dd41b115dfe9f1d57a2860fc8
-
SHA256
71a861100e206eeee88876cd5313553e0fdc07046cce33a1a96b96d9485070e1
-
SHA512
2bfd61e5aa56d37f7778be5db6bbcec88dd3683cc364317b058fac3ae4c018ba156b16344a6fbe94b41933b42ce059d53afa82aa6656540574f45dff3e24e0a3
Score
8/10
Malware Config
Signatures
-
Modifies WinLogon to allow AutoLogon 2 TTPs 1 IoCs
Enables rebooting of the machine without requiring login credentials.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\ch\retreaver.js1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3ad5055 /state1:0x41c64e6d1⤵
- Modifies WinLogon to allow AutoLogon
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1796-0-0x0000000000000000-mapping.dmp