Malware Analysis Report

2024-11-30 20:55

Sample ID 220818-qvyrdaabb6
Target 18-Aug-7892746132.zip
SHA256 3900b9213c574231b117b06b5a7cf3426d5c4458d75fa65a2baae7ff60ca6bdf
Tags N/A
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

8/10

SHA256

3900b9213c574231b117b06b5a7cf3426d5c4458d75fa65a2baae7ff60ca6bdf

Threat Level: Likely malicious

The file 18-Aug-7892746132.zip was found to be likely malicious. The archive's contents are JScript (.js) files; in three of the four behavioral detonations below, wscript.exe ran the extracted script and made outbound network requests to www.lukeamiller.net (DNS via 8.8.8.8, then 69.163.163.127:443/tcp), which triggered the "Blocklisted process makes network request" signature.

Malicious Activity Summary

Blocklisted process makes network request (wscript.exe; observed in behavioral2, behavioral3 and behavioral4, not in behavioral1)
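The signature summarised above fires when a process on the sandbox's blocklist of script hosts and living-off-the-land binaries originates network traffic. The Python below is an added example of that detection logic and is not the sandbox's own signature code. It runs over constructed, Sysmon-style events modelled on the Network tables in the behavioral sections (a DNS query for www.lukeamiller.net to 8.8.8.8, then 443/tcp to 69.163.163.127, both from wscript.exe) plus a benign browser connection that must not fire. The blocklist contents, the event schema and the Finding record are assumptions made for the example; the report does not publish the sandbox's list.

```python
"""Re-implementation of a 'blocklisted process makes network request' check.

Added example, not the sandbox's signature. The blocklist, the event
dictionary layout and the Finding record are assumptions for illustration.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Assumed blocklist: script hosts and LOLBins that should not originate
# network traffic on an ordinary workstation. Tune per environment.
BLOCKLISTED_IMAGES = {
    "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe",
    "rundll32.exe", "certutil.exe", "bitsadmin.exe", "msiexec.exe",
}


@dataclass(frozen=True)
class Finding:
    process: str          # image basename, lower-cased
    destination: str      # "ip:port"
    proto: str            # "udp" or "tcp"
    domain: str | None    # hostname tied to the destination, if known


def image_basename(image: str) -> str:
    """Lower-cased file name of a Windows image path (either slash style)."""
    return ntpath.basename(image.replace("/", "\\")).lower()


def is_blocklisted(image: str) -> bool:
    return image_basename(image) in BLOCKLISTED_IMAGES


def flag_blocklisted_network(events: list[dict]) -> list[Finding]:
    """Return one Finding per distinct (process, destination, proto) where a
    blocklisted image issued a DNS query or opened a connection.

    Event dicts carry: type ('dns' or 'net') and image; 'dns' events add
    query and resolver, 'net' events add dst_ip, dst_port and proto. The most
    recent DNS query from the same image is attached to its later connections
    so a finding carries a hostname, as the report's Network table does.
    """
    findings: list[Finding] = []
    seen: set[tuple] = set()
    last_query: dict[str, str] = {}      # image basename -> last queried name
    for ev in events:
        if not is_blocklisted(ev["image"]):
            continue
        name = image_basename(ev["image"])
        if ev["type"] == "dns":
            last_query[name] = ev["query"]
            dest, proto, domain = f'{ev["resolver"]}:53', "udp", ev["query"]
        elif ev["type"] == "net":
            dest, proto = f'{ev["dst_ip"]}:{ev["dst_port"]}', ev["proto"]
            domain = last_query.get(name)
        else:
            continue                      # unknown event type, ignore
        key = (name, dest, proto)
        if key in seen:                   # collapse repeated connections
            continue
        seen.add(key)
        findings.append(Finding(name, dest, proto, domain))
    return findings


# Constructed sample events (not captured from the sandbox), modelled on the
# behavioral4 traffic plus one benign browser connection.
SAMPLE_EVENTS = [
    {"type": "dns", "image": r"C:\Windows\system32\wscript.exe",
     "query": "www.lukeamiller.net", "resolver": "8.8.8.8"},
    {"type": "net", "image": r"C:\Windows\system32\wscript.exe",
     "dst_ip": "69.163.163.127", "dst_port": 443, "proto": "tcp"},
    {"type": "net", "image": r"C:\Windows\system32\wscript.exe",   # repeat
     "dst_ip": "69.163.163.127", "dst_port": 443, "proto": "tcp"},
    {"type": "net", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_ip": "142.250.80.46", "dst_port": 443, "proto": "tcp"},  # benign
]

if __name__ == "__main__":
    for f in flag_blocklisted_network(SAMPLE_EVENTS):
        print(f"{f.process}\t{f.destination}\t{f.proto}\t{f.domain or '-'}")
```

Run stand-alone it prints two rows, the DNS lookup and the 443/tcp connection, matching the shape of the Network tables below; an empty event list (the behavioral1 case) yields no findings, which is why that run has no signature.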

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-18 13:35

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2022-08-18 13:35

Reported

2022-08-18 13:38

Platform

win7-20220812-en

Max time kernel

117s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\ef5918cad072c9ef777a7fe004dadec8dd9af3fcd5036f9161cd8ff97f04c623.js

Signatures

Blocklisted process makes network request

Description  Indicator  Process                          Target
N/A          N/A        C:\Windows\system32\wscript.exe  N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\ef5918cad072c9ef777a7fe004dadec8dd9af3fcd5036f9161cd8ff97f04c623.js

Network

Country  Destination         Domain               Proto
US       8.8.8.8:53          www.lukeamiller.net  udp
US       69.163.163.127:443  www.lukeamiller.net  tcp

(The first row is the DNS resolution of www.lukeamiller.net via 8.8.8.8; the second is the script's connection to the resolved address on 443/tcp.)

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-18 13:35

Reported

2022-08-18 13:38

Platform

win7-20220812-en

Max time kernel

45s

Max time network

48s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sample_referral_agreement_contract (eje).js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sample_referral_agreement_contract (eje).js"

Network

N/A (no network activity was observed in this run, which was also the shortest at 45 s kernel / 48 s network time; the other three scripts extracted from the archive reached www.lukeamiller.net, so treat this run as inconclusive rather than as evidence the file is benign)

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-18 13:35

Reported

2022-08-18 13:38

Platform

win7-20220812-en

Max time kernel

115s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\3388d4b4242b1c842cf37a0642566e2eb5ddd8aaac575269082023fc26ac32fa.js

Signatures

Blocklisted process makes network request

Description  Indicator  Process                          Target
N/A          N/A        C:\Windows\system32\wscript.exe  N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\3388d4b4242b1c842cf37a0642566e2eb5ddd8aaac575269082023fc26ac32fa.js

Network

Country  Destination         Domain               Proto
US       8.8.8.8:53          www.lukeamiller.net  udp
US       69.163.163.127:443  www.lukeamiller.net  tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2022-08-18 13:35

Reported

2022-08-18 13:38

Platform

win7-20220812-en

Max time kernel

96s

Max time network

109s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tenant_snow_removal_agreement_ontario (mgrrf).js"

Signatures

Blocklisted process makes network request

Description  Indicator  Process                          Target
N/A          N/A        C:\Windows\system32\wscript.exe  N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tenant_snow_removal_agreement_ontario (mgrrf).js"

Network

Country  Destination         Domain               Proto
US       8.8.8.8:53          www.lukeamiller.net  udp
US       69.163.163.127:443  www.lukeamiller.net  tcp

Files

N/A