Analysis

  • max time kernel
    123s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    07-09-2022 16:20

General

  • Target

    Land_contract_rules (pl).js

  • Size

    483KB

  • MD5

    f40a099012b88b19f5475cb6057ac16a

  • SHA1

    622cd78c89e2a39eb2779abb5caf37bc257a8880

  • SHA256

    f8a444ef623dce3be44ddaf18cd1d892cf2dc02ab3dacf6db581e58842778160

  • SHA512

    1e61932a0df7477667c0405c364478f7b44ebd66209e72eda57f2274c3e07905700b877b67b739e1d1a9eb9d6b08fc2c821bd063a4a41a4ed311e4bec70534a8

  • SSDEEP

    6144:s1QitLTulaxl4JhEfDkFA7niagmd4iLAmWR6vSF:sfkhEfDkFaiagmd4iLAmWR6s

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

  • Blocklisted process makes network request (6 IoCs)
  • Modifies system certificate store (2 TTPs, 4 IoCs)
  • Script User-Agent (1 IoC)

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Land_contract_rules (pl).js"
    • Blocklisted process makes network request
    • Modifies system certificate store
    PID:1948
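The three behavioural signatures above (a script host launched on a script file dropped in a user-writable directory, that script host then making network requests, and an HTTP User-Agent that identifies a script/COM HTTP object rather than a browser) are the kind of thing a SOC turns into detection logic. The following is an added example, not code from this report or from any sandbox vendor: it runs that logic over Sysmon-like events constructed inline to mirror the process above. The field names ("type", "pid", "image", "cmdline", "dest", "dport", "user_agent"), the destination addresses and the follow-on network events are assumptions; the User-Agent string is the default of the WinHttp.WinHttpRequest COM object, used here as a sample value.

```python
"""Detection logic for a script-host loader chain (added example, not the
sandbox's own code). Event records are constructed inline in a Sysmon-like
shape; the field names are assumptions, not a real log schema."""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Script-file extensions a Windows script host will execute.
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf)\b", re.IGNORECASE)
# User-writable drop locations typical for a loader delivered by download or mail.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\", re.IGNORECASE)
# User-Agent fragment of the WinHttp.WinHttpRequest COM object (a script-host
# indicator); extend this from your own telemetry.
SCRIPT_UA = re.compile(r"WinHttp\.WinHttpRequest", re.IGNORECASE)

EVENTS = [
    # The process from the report: wscript.exe started on a .js file in %TEMP%.
    {"type": "process_create", "pid": 1948, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Land_contract_rules (pl).js"'},
    # Constructed follow-on network activity for that PID (documentation-range address).
    {"type": "network_connect", "pid": 1948, "image": r"C:\Windows\system32\wscript.exe",
     "dest": "203.0.113.10", "dport": 443},
    {"type": "http_request", "pid": 1948, "image": r"C:\Windows\system32\wscript.exe",
     "user_agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"},
    # Constructed benign neighbours: an admin running a system script, and a browser.
    {"type": "process_create", "pid": 2100, "image": r"C:\Windows\system32\cscript.exe",
     "cmdline": r"cscript.exe C:\Windows\System32\slmgr.vbs /dlv"},
    {"type": "process_create", "pid": 2200, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe"'},
    {"type": "http_request", "pid": 2200, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "user_agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return (rule, pid, detail, severity) tuples in event order.

    A PID becomes 'suspicious' once a script host is seen launching a script
    from a user-writable path; later network or script-UA events from that PID
    are raised to high. A script host reaching the network without that
    context is still reported at medium, matching the report's
    "blocklisted process makes network request" signature."""
    alerts = []
    suspicious = set()
    for ev in events:
        is_host = basename(ev["image"]) in SCRIPT_HOSTS
        if ev["type"] == "process_create" and is_host:
            cmd = ev["cmdline"]
            if SCRIPT_EXT.search(cmd) and USER_WRITABLE.search(cmd):
                suspicious.add(ev["pid"])
                alerts.append(("script_host_user_writable_path", ev["pid"], cmd, "medium"))
        elif ev["type"] == "network_connect" and is_host:
            sev = "high" if ev["pid"] in suspicious else "medium"
            alerts.append(("script_host_network_request", ev["pid"],
                           f"{ev['dest']}:{ev['dport']}", sev))
        elif ev["type"] == "http_request" and SCRIPT_UA.search(ev["user_agent"]):
            sev = "high" if ev["pid"] in suspicious else "medium"
            alerts.append(("script_user_agent", ev["pid"], ev["user_agent"], sev))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail, sev in analyze(EVENTS):
        print(f"[{sev}] {rule} pid={pid} {detail}")
```

Run stand-alone, the constructed stream yields three alerts, all for PID 1948, with the two network-side findings escalated to high because the launch-path rule fired first; the cscript.exe run from System32 and the browser traffic produce nothing. Correlating by PID is what separates a loader from an administrator's cscript.exe invocation, so keep the process-creation event in scope rather than alerting on script-host network traffic alone.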

Network

MITRE ATT&CK Enterprise v6
