Analysis Overview
score
10/10
SHA256
695bfd905f8fe2930abb9ce71ab443e61eed246a674e67e5744ee0c74f2dcfd5
Threat Level: Known bad
The file As collective agreement 2020 (84718).zip was found to be: Known bad.
Malicious Activity Summary
GootLoader
Blocklisted process makes network request
Script User-Agent
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2022-08-12 10:12
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-12 10:12
Reported
2022-08-12 10:18
Platform
win10v2004-20220721-en
Max time kernel
265s
Max time network
269s
Command Line
wscript.exe "C:\Users\Admin\AppData\Local\Temp\As_collective_agreement_2020 (ia).js"
Signatures
GootLoader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\As_collective_agreement_2020 (ia).js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 181.236.124.100.in-addr.arpa | udp |
| JP | 13.78.111.198:443 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 8.8.8.8:53 | www.luftbild-chemnitz.de | udp |
| N/A | 100.68.138.152:443 | www.luftbild-chemnitz.de | tcp |
| US | 8.8.8.8:53 | www.ludovicmarque.fr | udp |
| N/A | 100.115.194.185:443 | www.ludovicmarque.fr | tcp |
| US | 8.8.8.8:53 | www.lucianofranz.it | udp |
| N/A | 100.112.61.172:443 | www.lucianofranz.it | tcp |
Files
N/A