Resubmissions

07-09-2022 02:42

220907-c685laahe3 10

07-09-2022 02:32

220907-c1fabsahd3 10

Analysis

  • max time kernel
    446s
  • max time network
    881s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07-09-2022 02:42

General

  • Target

    Bws_agreement_2020 (cff).js

  • Size

    483KB

  • MD5

    1eb0afac12c4bae3a3fd238dd38feddc

  • SHA1

    135b3e89fd114fc590655df6a575800416afe379

  • SHA256

    5f6a9c6f3d8e243fce0af61ba82d82ce081020906b9b07490ea4988e1a0d7a8b

  • SHA512

    c6958530bdc1d74516bcd1a78688cc9ff358178f0a625e783dcb9dfaeb7a5c216c0255c2a18227a75eb00a9d906fe5a4a7f6ee474732734bcf48b639d8b8275d

  • SSDEEP

    6144:GQBXSEulaxl4khEfD3NA7Wiagmd4iLAmWh6CSF:kwhEfD3Nviagmd4iLAmWh6f

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

  • Blocklisted process makes network request 2 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Bws_agreement_2020 (cff).js"
    1⤵
    • Blocklisted process makes network request
    PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads