Analysis Overview
score
10/10
SHA256
30b03ea83d198418654cc98d6cb0eb207c08d26ba93b1397f4938db5c0123d2f
Threat Level: Known bad
The file 7827676144.zip was found to be: Known bad.
Malicious Activity Summary
GootLoader
Blocklisted process makes network request
Script User-Agent
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2022-08-11 14:45
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-11 14:45
Reported
2022-08-11 14:51
Platform
win10-20220414-en
Max time kernel
198s
Max time network
202s
Command Line
wscript.exe C:\Users\Admin\AppData\Local\Temp\c56f28cfa52beba254f1063b7354ab24a2122912721734a5f4ac16ce16e236c7.js
Signatures
GootLoader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
|---|---|---|---|
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\c56f28cfa52beba254f1063b7354ab24a2122912721734a5f4ac16ce16e236c7.js
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 51.132.193.105:443 | | tcp |
| US | 8.8.8.8:53 | www.ludovicmarque.fr | udp |
| N/A | 100.89.3.95:443 | www.ludovicmarque.fr | tcp |
| US | 8.8.8.8:53 | www.lucianofranz.it | udp |
| N/A | 100.96.27.131:443 | www.lucianofranz.it | tcp |
| US | 8.8.8.8:53 | www.leichtathletik-igersheim.de | udp |
| N/A | 100.119.84.155:443 | www.leichtathletik-igersheim.de | tcp |
Files
N/A
Analysis: behavioral2
Detonation Overview
Reported
0001-01-01 00:00
Command Line
N/A
Signatures
N/A
Processes
N/A
Network
N/A
Files
N/A