Resubmissions

07-09-2022 12:07

220907-papsascad9 10

07-09-2022 11:55

220907-n3rlxshcbj 10

Analysis

  • max time kernel
    277s
  • max time network
    281s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-09-2022 12:07

General

  • Target

    710f2efbe32f719f6d3be0830b598aed5e5ce7aecd37bf1fda3ebe11e5737eba.js

  • Size

    483KB

  • MD5

    5cc9ce54aacd8cda0b335a3d7be52fe1

  • SHA1

    d510630848807220df5bfa54f8fdd329e596c1bd

  • SHA256

    710f2efbe32f719f6d3be0830b598aed5e5ce7aecd37bf1fda3ebe11e5737eba

  • SHA512

    07c29aed0c951dc0047f5283871b866fd2ff11ca76de19e8eee609ad877319e8d5bb88f32aa02abb537a62cc2cc6dc386c81c5fa39900e8167ae05f13213b6d2

  • SSDEEP

    6144:vQaySTulaxl4khEfD3xA72iagmd4iLAmWR6CSy:1hhEfD3xTiagmd4iLAmWR6c

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

  • Blocklisted process makes network request 3 IoCs
  • Program crash 1 IoCs
  • Script User-Agent 3 IoCs

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\710f2efbe32f719f6d3be0830b598aed5e5ce7aecd37bf1fda3ebe11e5737eba.js
    • Blocklisted process makes network request
    PID:1088
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 444 -p 2956 -ip 2956
    PID:3572
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2956 -s 852
      • Program crash
      PID:3556
