Analysis
Max time kernel: 41s
Max time network: 44s
Platform: windows7_x64
Resource: win7-20220414-en
Submitted: 05-07-2022 15:00
Static task: static1
Behavioral task: behavioral1
  Sample: 769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379.js
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379.js
  Resource: win10v2004-20220414-en
General
Target: 769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379.js
Size: 16KB
MD5: 2d75516340d8c06d9ba82d0b2e7774d5
SHA1: 060f1e52a2493d7c5d26a397f0b3d4c311c1a897
SHA256: 769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379
SHA512: 0fbed75c03e40ddc9d918b1415249b93271d6eaaede914853742c342736f4b844413c9ed7f57e802cefcc0b486b0dbc9bccee5a7af404f5a7028294681536862
Malware Config
Extracted
Family: metasploit
Payload: windows/download_exec
URL: http://43.132.121.67:443/H7wf
Note: windows/download_exec is the Metasploit payload that downloads an executable from the configured URL and runs it, so the URL above is a second-stage download location rather than a beacon endpoint; treat the host and path as network IoCs and do not fetch the URL from a production network.
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
  description          pid  process      target pid  target process
  wrote to memory of   948  wscript.exe  912         rundll32.exe   (same source/target pair recorded 8 times)
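The behaviour recorded above (a script host spawning rundll32.exe, writing into its memory, and the extracted download URL on 43.132.121.67:443) is what an endpoint detection for this sample should key on. The following is an added example, not part of the sandbox report or the sample, that runs that logic over constructed Sysmon-style events. The event field names follow Sysmon's Process Create (Event ID 1), Network Connection (Event ID 3) and Process Access (Event ID 10) schemas; the log lines themselves are made up to mirror the PIDs in the report. One caveat the example encodes: Sysmon does not log WriteProcessMemory calls directly, so the closest telemetry is an Event 10 whose GrantedAccess mask includes PROCESS_VM_WRITE (0x20) or PROCESS_VM_OPERATION (0x8); a handle opened with only query rights is ignored.

```python
"""Detection logic for the wscript.exe -> rundll32.exe injection chain seen in the
sandbox report (added example; constructed events, not the sandbox's own output)."""

import json

# Network IoC taken from the report's extracted Metasploit config (windows/download_exec).
C2_HOST = "43.132.121.67"
C2_PORT = 443

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
LOLBIN_TARGETS = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}

# GrantedAccess bits (Sysmon Event ID 10) that permit writing into the target process.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed Sysmon-style events, one JSON object per line (not real telemetry).
# PIDs 948/912 mirror the report; the firefox line and the 0x1000 handle are benign noise.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 948, "ParentProcessId": 1400, "Image": "C:\\Windows\\System32\\wscript.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 1, "ProcessId": 912, "ParentProcessId": 948, "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\System32\\wscript.exe"}
{"EventID": 10, "SourceProcessId": 948, "SourceImage": "C:\\Windows\\System32\\wscript.exe", "TargetProcessId": 912, "TargetImage": "C:\\Windows\\System32\\rundll32.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 10, "SourceProcessId": 948, "SourceImage": "C:\\Windows\\System32\\wscript.exe", "TargetProcessId": 912, "TargetImage": "C:\\Windows\\System32\\rundll32.exe", "GrantedAccess": "0x1000"}
{"EventID": 3, "ProcessId": 912, "Image": "C:\\Windows\\System32\\rundll32.exe", "DestinationIp": "43.132.121.67", "DestinationPort": 443}
{"EventID": 3, "ProcessId": 2000, "Image": "C:\\Program Files\\Firefox\\firefox.exe", "DestinationIp": "93.184.216.34", "DestinationPort": 443}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list) -> dict:
    """Return individual findings plus the set of target PIDs where a script host
    obtained write access and the same PID later contacted the known C2 host."""
    findings = []
    injected = set()
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and basename(ev.get("ParentImage", "")) in SCRIPT_HOSTS \
                and basename(ev.get("Image", "")) in LOLBIN_TARGETS:
            findings.append(("script_host_spawns_lolbin",
                             ev["ParentProcessId"], ev["ProcessId"]))
        elif eid == 10 and basename(ev.get("SourceImage", "")) in SCRIPT_HOSTS:
            # GrantedAccess is a hex string such as "0x1FFFFF"; only flag write-capable handles.
            access = int(ev.get("GrantedAccess", "0"), 16)
            if access & WRITE_MASK:
                findings.append(("script_host_opens_process_for_write",
                                 ev["SourceProcessId"], ev["TargetProcessId"]))
                injected.add(ev["TargetProcessId"])
        elif eid == 3 and ev.get("DestinationIp") == C2_HOST \
                and int(ev.get("DestinationPort", 0)) == C2_PORT:
            findings.append(("known_c2_connection",
                             ev["ProcessId"], f"{C2_HOST}:{C2_PORT}"))
    # Correlation: a process that was written into by a script host and then reached the C2.
    confirmed = {pid for rule, pid, _ in findings
                 if rule == "known_c2_connection" and pid in injected}
    return {"findings": findings, "confirmed_chain": confirmed}


if __name__ == "__main__":
    result = detect(parse_events(SAMPLE_LOG))
    for finding in result["findings"]:
        print(*finding)
    print("confirmed injection + C2 chain for PIDs:", sorted(result["confirmed_chain"]))
```

On the constructed input the example yields three findings (spawn, write-capable handle, C2 connection) and confirms PID 912 as the injected process; the second Event 10 with GrantedAccess 0x1000 is correctly ignored, and the unrelated firefox.exe connection on port 443 produces nothing because only the extracted host is matched, not the port alone.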