Analysis Overview
score
10/10
SHA256
d79747853972fde1d445a9c6facab65abef36cfd1a0db6b3b47b78cd0f7f675e
Threat Level: Known bad
The file California_surplus_lines_due_diligence_form (mxvsw).js was found to be: Known bad.
Malicious Activity Summary
GootLoader
Blocklisted process makes network request
Script User-Agent
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2022-09-07 09:57
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-07 09:57
Reported
2022-09-07 10:03
Platform
win10-20220812-en
Max time kernel
240s
Max time network
242s
Command Line
wscript.exe "C:\Users\Admin\AppData\Local\Temp\California_surplus_lines_due_diligence_form (mxvsw).js"
Signatures
GootLoader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\California_surplus_lines_due_diligence_form (mxvsw).js"
Network
| Country | Destination | Domain | Proto |
| NL | 52.178.17.3:443 | tcp | |
| US | 13.107.4.50:80 | tcp | |
| US | 8.8.8.8:53 | www.macromixenlinea.com | udp |
| N/A | 100.92.24.102:443 | www.macromixenlinea.com | tcp |
| US | 8.8.8.8:53 | www.lovlr.com | udp |
| N/A | 100.119.13.235:443 | www.lovlr.com | tcp |
| US | 8.8.8.8:53 | www.lukeamiller.net | udp |
| N/A | 100.101.3.137:443 | www.lukeamiller.net | tcp |
Files
N/A