Analysis
max time kernel: 446s
max time network: 881s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 07-09-2022 02:42
Static task: static1
Behavioral task: behavioral1
  Sample: Bws agreement 2020 (52386).zip
  Resource: win10-20220812-en
Behavioral task: behavioral2
  Sample: Bws_agreement_2020 (cff).js
  Resource: win10-20220812-en
General
Target: Bws_agreement_2020 (cff).js
Size: 483KB
MD5: 1eb0afac12c4bae3a3fd238dd38feddc
SHA1: 135b3e89fd114fc590655df6a575800416afe379
SHA256: 5f6a9c6f3d8e243fce0af61ba82d82ce081020906b9b07490ea4988e1a0d7a8b
SHA512: c6958530bdc1d74516bcd1a78688cc9ff358178f0a625e783dcb9dfaeb7a5c216c0255c2a18227a75eb00a9d906fe5a4a7f6ee474732734bcf48b639d8b8275d
SSDEEP: 6144:GQBXSEulaxl4khEfD3NA7Wiagmd4iLAmWh6CSF:kwhEfD3Nviagmd4iLAmWh6f
Malware Config
Signatures
GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
Blocklisted process makes network request (2 IoCs)
Processes:
  flow  pid   process
  6     2692  wscript.exe
  8     2692  wscript.exe
Script User-Agent (1 IoC)
Uses user-agent string associated with script host/environment.
Processes:
  description             flow  ioc
  HTTP User-Agent header  6     Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)