769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379 | Triage

Analysis

max time kernel
90s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
05-07-2022 15:00

Sharing

Report Analysis Logs

General

Target

769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379.js
Size

16KB
MD5

2d75516340d8c06d9ba82d0b2e7774d5
SHA1

060f1e52a2493d7c5d26a397f0b3d4c311c1a897
SHA256

769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379
SHA512

0fbed75c03e40ddc9d918b1415249b93271d6eaaede914853742c342736f4b844413c9ed7f57e802cefcc0b486b0dbc9bccee5a7af404f5a7028294681536862

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

wscript.exe

description	pid	process	target process
PID 3988 wrote to memory of 4672	3988	wscript.exe	rundll32.exe
PID 3988 wrote to memory of 4672	3988	wscript.exe	rundll32.exe
PID 3988 wrote to memory of 4672	3988	wscript.exe	rundll32.exe
PID 3988 wrote to memory of 4672	3988	wscript.exe	rundll32.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\769019924ac4593ddb11d952ea5151251f38af03725e6bf355cd5be96476b379.js
1⤵
- Suspicious use of WriteProcessMemory
PID:3988

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe"
2⤵
PID:4672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...