Analysis
-
max time kernel
209s -
max time network
212s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system -
submitted
12-09-2022 12:40
Static task
static1
Behavioral task
behavioral1
Sample
Right-of-use_asset_cash_flow_statement_example (hcw).js
Resource
win10-20220901-en
General
-
Target
Right-of-use_asset_cash_flow_statement_example (hcw).js
-
Size
483KB
-
MD5
3906cbd546dd2cf8b4816605a077d19e
-
SHA1
47e96ced2c7e621f56d1154e51bb7c3b8419d802
-
SHA256
c195a2f51738d78172f8dc8308d44062336831761fbc70d12fb1e3eb305dce05
-
SHA512
dceb46839c8fdf31c930b491dac370f84702a3242949de15ecc99d99b64918363803546a8ffb07ae9239b2f26d1b4bd313d5e266cc7a2baece4fbf33b0d03636
-
SSDEEP
6144:TQvgSGulaxl4khEfDuDk7Wiagmd4iLAmWR6C2F:EahEfDuDTiagmd4iLAmWR6v
Malware Config
Signatures
-
GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
-
Blocklisted process makes network request 3 IoCs
Processes:
wscript.exeflow pid process 5 3868 wscript.exe 7 3868 wscript.exe 9 3868 wscript.exe -
Script User-Agent 3 IoCs
Uses user-agent string associated with script host/environment.
Processes:
description flow ioc HTTP User-Agent header 5 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 7 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 9 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)