dad9b44c48d3ac1c59c5932e5dab027ed3490837b17fcd309cf8cf88b9e6177b | Triage

Analysis

max time kernel
134s
max time network
149s
platform
windows10_x64
resource
win10v20201028
submitted
14-01-2021 06:57

Sharing

Report Analysis Logs

General

Target

PO_1.js
Size

27KB
MD5

753cadffd688f70359f5d31016003168
SHA1

afe08bf2b6a2d5e74719d843c9ebc710da380536
SHA256

dad9b44c48d3ac1c59c5932e5dab027ed3490837b17fcd309cf8cf88b9e6177b
SHA512

86ddf57de4b48e37c9c0b8adcd654a00a92340e549a9a1996327d087275b57dbcadec22edcac8b01ff66b93ee50650ef49fdd582d768cbdf4df8083ffd514600

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

Processes:

wscript.exe

flow pid process

6 2432 wscript.exe
9 2432 wscript.exe
11 2432 wscript.exe
14 2432 wscript.exe

Drops startup file 2 IoCs

Processes:

wscript.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PO_1.js	wscript.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PO_1.js	wscript.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\PO_1.js
1⤵
- Blocklisted process makes network request
- Drops startup file
PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2432-2-0x000001BBB6EB0000-0x000001BBB6EB4000-memory.dmp

Filesize
16KB

Download