Overview

overview

8

Static

static

6

1.js

windows7_x64

8

1.js

windows10_x64

8

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.js

  • Size

    664KB

  • MD5

    069e5d7ddc53d96d7320b821537781f7

  • SHA1

    af4116b7136d4cbf37a1a9351958c574348b23e0

  • SHA256

    84e1944968103d32993f8f4b66f8c64a0c11a830242dd79b11b11436945fbde1

  • SHA512

    ee35a4b22cd17363e27e60b5ba259971d1f4d0f5089a03017156a33f841d908e52e6974814d278b7987e46877c3ad4228a33a029445bc38906e2add22de9d3f8

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 21 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 8 IoCs
    persistence
  • JavaScript code in executable 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\1.js
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\1.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:3480

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\1.js
    MD5

    069e5d7ddc53d96d7320b821537781f7

    SHA1

    af4116b7136d4cbf37a1a9351958c574348b23e0

    SHA256

    84e1944968103d32993f8f4b66f8c64a0c11a830242dd79b11b11436945fbde1

    SHA512

    ee35a4b22cd17363e27e60b5ba259971d1f4d0f5089a03017156a33f841d908e52e6974814d278b7987e46877c3ad4228a33a029445bc38906e2add22de9d3f8

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.js
    MD5

    069e5d7ddc53d96d7320b821537781f7

    SHA1

    af4116b7136d4cbf37a1a9351958c574348b23e0

    SHA256

    84e1944968103d32993f8f4b66f8c64a0c11a830242dd79b11b11436945fbde1

    SHA512

    ee35a4b22cd17363e27e60b5ba259971d1f4d0f5089a03017156a33f841d908e52e6974814d278b7987e46877c3ad4228a33a029445bc38906e2add22de9d3f8

    Download Submit
  • memory/3480-2-0x0000000000000000-mapping.dmp
    Download