Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11-09-2022 13:08

General

  • Target

    Offer_to_purchase_and_contract_form_2g (laj).js

  • Size

    483KB

  • MD5

    1ecac36d6a286e090ecd1586be6e883c

  • SHA1

    70b8ff30083417785c4ecdd38410afdb80d55dc9

  • SHA256

    a5760c44000a01657ff773182f5403ec576b075859e4447048435f273cc1ead1

  • SHA512

    0f58ecd5010884d7ec7d9e0569c8732f7ff53ab67fbdd52efc99861d161068dafd80b7ff507252d4192ee5cd18c0d3f83e912caae254f0f1ae40a44f00e7e51f

  • SSDEEP

    6144:cQH2aTulaxl4qhEfDpVT7Wiagmd4iLAmWH6FSF:fNhEfDpV+iagmd4iLAmWH6C

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

  • Blocklisted process makes network request (3 IoCs)
  • Script User-Agent (3 IoCs)

    Uses a user-agent string associated with a script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    Command line: wscript.exe "C:\Users\Admin\AppData\Local\Temp\Offer_to_purchase_and_contract_form_2g (laj).js"
    PID: 3784
    • Blocklisted process makes network request

Network

MITRE ATT&CK Matrix
