Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
11-09-2022 13:08
Static task
static1
Behavioral task
behavioral1
Sample
Offer_to_purchase_and_contract_form_2g (laj).js
Resource
win10-20220812-en
3 signatures
300 seconds
General
-
Target
Offer_to_purchase_and_contract_form_2g (laj).js
-
Size
483KB
-
MD5
1ecac36d6a286e090ecd1586be6e883c
-
SHA1
70b8ff30083417785c4ecdd38410afdb80d55dc9
-
SHA256
a5760c44000a01657ff773182f5403ec576b075859e4447048435f273cc1ead1
-
SHA512
0f58ecd5010884d7ec7d9e0569c8732f7ff53ab67fbdd52efc99861d161068dafd80b7ff507252d4192ee5cd18c0d3f83e912caae254f0f1ae40a44f00e7e51f
-
SSDEEP
6144:cQH2aTulaxl4qhEfDpVT7Wiagmd4iLAmWH6FSF:fNhEfDpV+iagmd4iLAmWH6C
Score
10/10
Malware Config
Signatures
-
GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
-
Blocklisted process makes network request 3 IoCs
Processes:
wscript.exeflow pid process 6 3784 wscript.exe 8 3784 wscript.exe 10 3784 wscript.exe -
Script User-Agent 3 IoCs
Uses user-agent string associated with script host/environment.
Processes:
description flow ioc HTTP User-Agent header 10 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 6 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 8 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)