Analysis

  • max time kernel
    173s
  • max time network
    175s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win10-20220812-en
    locale:en-us
    os:windows10-1703-x64
    system
  • submitted
    09-09-2022 11:38

General

  • Target

    3482b8e3b2eee3a0ea5f3905fa7902074332b4077e50d86ea89a2850f7657dff.js

  • Size

    483KB

  • MD5

    753c3799a9ac0f4fe4a7defc0e8b32f2

  • SHA1

    60568fb9692c6499f2705f63b9dc1180ca1610a1

  • SHA256

    3482b8e3b2eee3a0ea5f3905fa7902074332b4077e50d86ea89a2850f7657dff

  • SHA512

    29ce2a062f57a334f0e76be9c4a733d7fdc918c12d76e8268dddde91bd0103ce3633f66e33a36f8f8ca97a938c279276af1f2e9c0da99ee8e251a9a3c25c37e1

  • SSDEEP

    6144:/QaXAYulaxl4khEfD3xA7ziagmd4iLAmWR6ZSF:aUhEfD3xWiagmd4iLAmWR6G

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

  • Blocklisted process makes network request (3 IoCs)

    A process on the sandbox blocklist (here the script host wscript.exe, see Processes) initiated a network request.

  • Script User-Agent (3 IoCs)

    Uses a user-agent string associated with a script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\3482b8e3b2eee3a0ea5f3905fa7902074332b4077e50d86ea89a2850f7657dff.js
    • Blocklisted process makes network request
    PID: 3840
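
The two signatures above reduce to one behavioural pattern that is worth detecting outside the sandbox: a Windows script host launched with a script from the user's temp directory, followed by a network connection from that same process. The Python below is an added example, not part of the sandbox report or of any vendor's detection logic. It correlates constructed process-creation and network-connection events (the event format, field names and destinations are assumptions made for the example; the command line reuses the one the report recorded for PID 3840) and drops a PID on process exit so that PID reuse by an unrelated process is not mis-attributed.

```python
"""Correlate script-host launches from a user temp directory with later network
connections, the pattern recorded in the GootLoader sandbox report above.

Added example; not part of the sandbox output.  The event lines in SAMPLE_EVENTS
are constructed for illustration and the 'key=value|key=value' format is an
assumption, not a real telemetry format.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
SCRIPT_EXT = re.compile(r"\.(?:js|jse|vbs|vbe|wsf)\b", re.IGNORECASE)


def parse_event(line):
    """Parse one constructed 'key=value|key=value' event line into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def is_script_host_from_temp(event):
    """True when a script host is started with a script located under
    C:\\Users\\<name>\\AppData\\Local\\Temp, as in the report's process tree."""
    image = event.get("image", "").rsplit("\\", 1)[-1].lower()
    cmdline = event.get("cmdline", "")
    return (image in SCRIPT_HOSTS
            and bool(USER_TEMP.search(cmdline))
            and bool(SCRIPT_EXT.search(cmdline)))


def detect(lines):
    """Return (pid, cmdline, dest) for every network connection made by a
    script-host process that was launched from a user temp directory.

    A process_exit event removes the PID from the watch list so that a later
    process reusing the same PID is not attributed to the script host."""
    watched = {}   # pid -> command line of the suspicious launch
    hits = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("event")
        pid = ev.get("pid")
        if kind == "process_create" and is_script_host_from_temp(ev):
            watched[pid] = ev["cmdline"]
        elif kind == "process_exit":
            watched.pop(pid, None)
        elif kind == "network_connect" and pid in watched:
            hits.append((pid, watched[pid], ev.get("dest", "")))
    return hits


# Constructed sample telemetry (not taken from the report).  The first launch
# mirrors the report's wscript.exe command line; the second is a benign script
# run from a non-temp path; destinations use RFC 5737 TEST-NET addresses.
SAMPLE_EVENTS = [
    "event=process_create|pid=3840|image=C:\\Windows\\system32\\wscript.exe"
    "|cmdline=wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\"
    "3482b8e3b2eee3a0ea5f3905fa7902074332b4077e50d86ea89a2850f7657dff.js",
    "event=process_create|pid=4120|image=C:\\Windows\\system32\\wscript.exe"
    "|cmdline=wscript.exe C:\\Scripts\\inventory.vbs",
    "event=network_connect|pid=4120|dest=10.0.0.5:445",
    "event=network_connect|pid=3840|dest=203.0.113.10:443",
    "event=process_exit|pid=3840",
    # PID 3840 reused after exit: must not be attributed to the script host.
    "event=network_connect|pid=3840|dest=203.0.113.11:80",
]

if __name__ == "__main__":
    for pid, cmdline, dest in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} dest={dest} cmdline={cmdline}")
```

The rule keys on process identity and launch path rather than on the user-agent string, because the user-agent is under the script's control while the script host binary and the temp-directory launch are harder for a loader dropped by a browser download to avoid. In a real deployment the PID-reuse handling matters: without the process_exit bookkeeping, a long-running collector would eventually attribute an unrelated process's traffic to the script host.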
