Analysis
max time kernel
203s -
max time network
207s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
08-09-2022 12:37
Static task
static1
Behavioral task
behavioral1
Sample
2426d4b21e5f3804a7bdd97d6d2eaa5d80874a32cbc8ccce846eaaf34ca033dc.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2426d4b21e5f3804a7bdd97d6d2eaa5d80874a32cbc8ccce846eaaf34ca033dc.js
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
75d8102c0b4ebfd0bce76198c2292ac5bf806772426c93039427a5102b8c188c.js
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
75d8102c0b4ebfd0bce76198c2292ac5bf806772426c93039427a5102b8c188c.js
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
How_to_calculate_partnership_capital_account (zoe).js
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
How_to_calculate_partnership_capital_account (zoe).js
Resource
win10v2004-20220901-en
General
Target
75d8102c0b4ebfd0bce76198c2292ac5bf806772426c93039427a5102b8c188c.js
Size
483KB
MD5
b72014373bdd29f244376d013f037825
SHA1
cbc73d375b915b07328dc7e30b44a9a5662bfd77
SHA256
75d8102c0b4ebfd0bce76198c2292ac5bf806772426c93039427a5102b8c188c
SHA512
391cf4285580e4da0bacce9919e7c0fd9b4a0a0ec3eb21c09424b1d2229a05c14ea169bdc62a52c30cd1bafce1ba7ffe48e033e00a38c841fbeee311ac861050
SSDEEP
6144:ZDQlXSnulaxl40hEfDHxU7Wiagmd4iLAmWR6JAF:HthEfDHxjiagmd4iLAmWR6s
Malware Config
Signatures
GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.
Blocklisted process makes network request 3 IoCs
Processes:
Process: wscript.exe
flow | pid | process
3 | 1900 | wscript.exe
5 | 1900 | wscript.exe
7 | 1900 | wscript.exe
Processes:
Process: wscript.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92A862854CBECB94F51CD71F036C165CBF654343 | wscript.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92A862854CBECB94F51CD71F036C165CBF654343\Blob = 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 | wscript.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92A862854CBECB94F51CD71F036C165CBF654343\Blob = 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 | wscript.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92A862854CBECB94F51CD71F036C165CBF654343\Blob = 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 | wscript.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92A862854CBECB94F51CD71F036C165CBF654343\Blob = 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 | wscript.exe
(The key path is the machine-wide ROOT certificate store; the subkey name 92A862854CBECB94F51CD71F036C165CBF654343 is the certificate's SHA-1 thumbprint, and the Blob value holds the certificate data, redacted above.)
Script User-Agent 3 IoCs
Uses a user-agent string associated with a script host/environment.
Processes:
description | flow | ioc
HTTP User-Agent header | 5 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header | 7 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header | 3 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
(Flows 3, 5 and 7 are the same three wscript.exe network requests flagged in the "Blocklisted process makes network request" signature above.)