Resubmissions

07-09-2022 06:50

220907-hmcvyabca5 10

06-09-2022 14:09

220906-rgfjbaeah2 10

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-09-2022 14:09

General

  • Target

    eb6aab9b4b304ddf044b46a574334ffc27299462dedcc46c0a43b6ca9367218e.js

  • Size

    483KB

  • MD5

    5dacd53dfa32f3d43a0ab38e860dda64

  • SHA1

    bd67a50a227e83c857a93bf4022ad5bda0e2e900

  • SHA256

    eb6aab9b4b304ddf044b46a574334ffc27299462dedcc46c0a43b6ca9367218e

  • SHA512

    31ebc81db6dd310844ddfe9d0db659a5d6d9d0f19f3860ae93a69a8ee5c0fa3af8d3d7fc77c753cdd7bb14ee2aeb56bf1b25839d530d1fc7c55a684e923e3c3c

  • SSDEEP

    6144:JQGXyx2ulaxl4IhEfDZxL7Wiagmd4iLAmWR61S9:s+hEfDZxWiagmd4iLAmWR6K

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

  • Blocklisted process makes network request 4 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\eb6aab9b4b304ddf044b46a574334ffc27299462dedcc46c0a43b6ca9367218e.js
    • Blocklisted process makes network request
    • Modifies system certificate store
    PID:1200

Network

MITRE ATT&CK Enterprise v6
