Analysis

  • max time kernel
    209s
  • max time network
    212s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220901-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    12-09-2022 12:40

General

  • Target

    Right-of-use_asset_cash_flow_statement_example (hcw).js

  • Size

    483KB

  • MD5

    3906cbd546dd2cf8b4816605a077d19e

  • SHA1

    47e96ced2c7e621f56d1154e51bb7c3b8419d802

  • SHA256

    c195a2f51738d78172f8dc8308d44062336831761fbc70d12fb1e3eb305dce05

  • SHA512

    dceb46839c8fdf31c930b491dac370f84702a3242949de15ecc99d99b64918363803546a8ffb07ae9239b2f26d1b4bd313d5e266cc7a2baece4fbf33b0d03636

  • SSDEEP

    6144:TQvgSGulaxl4khEfDuDk7Wiagmd4iLAmWR6C2F:EahEfDuDTiagmd4iLAmWR6v

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

  • Blocklisted process makes network request (3 IoCs)
  • Script User-Agent (3 IoCs)

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Right-of-use_asset_cash_flow_statement_example (hcw).js"
    • Blocklisted process makes network request
    PID: 3868
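The two behavioural signatures above (a script host making network requests, and a script-host User-Agent) are what an analyst would turn into host and proxy detections. The following is an added example, not part of the sandbox report or of any vendor's rule set: it runs three heuristics over constructed telemetry (process-creation events, per-PID network connections and proxy log lines; the first process event mirrors the wscript.exe command line listed above, the rest is made up). The path list, the field names and the rule names are assumptions; the only real identifier is `WinHttp.WinHttpRequest`, the default User-Agent of the WinHttp.WinHttpRequest COM object that WSH loaders commonly use for HTTP, which a loader can of course override.

```python
import re

# --- Rule parameters (assumptions for this example, tune per environment) ---
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")
# User-writable folders a freshly downloaded or unzipped lure typically runs from.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData\\Local\\Temp|Downloads|Desktop)\\", re.I)
# Default UA of the WinHttp.WinHttpRequest COM object ("Mozilla/4.0 (compatible;
# Win32; WinHttp.WinHttpRequest.5)"); other host-specific markers would go here.
SCRIPT_UA = re.compile(r"WinHttp\.WinHttpRequest", re.I)

# --- Constructed sample telemetry (not from the report, except the first cmdline) ---
PROCESS_EVENTS = [
    {"pid": 3868, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Right-of-use_asset_cash_flow_statement_example (hcw).js"'},
    {"pid": 4120, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Program Files\Vendor\maintenance.vbs"'},
    {"pid": 5012, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": "firefox.exe"},
]
NET_EVENTS = [  # outbound connections attributed to a PID
    {"pid": 3868, "dst": "203.0.113.10", "port": 80},
    {"pid": 4120, "dst": "203.0.113.11", "port": 443},
    {"pid": 5012, "dst": "203.0.113.20", "port": 443},
]
PROXY_LOG = [  # client_ip method host "user_agent"
    '10.0.0.5 GET www.example.org "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/104.0"',
    '10.0.0.5 GET lure-host.example "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"',
    '10.0.0.7 GET update.example.net "Microsoft-Delivery-Optimization/10.0"',
]


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _script_argument(cmdline):
    """First quoted argument, else the last whitespace-separated token."""
    m = re.search(r'"([^"]+)"', cmdline)
    return m.group(1) if m else cmdline.split()[-1]


def detect_script_host_launch(events):
    """wscript/cscript executing a script file from a user-writable location."""
    alerts = []
    for ev in events:
        if _basename(ev["image"]) not in SCRIPT_HOSTS:
            continue
        script = _script_argument(ev["cmdline"])
        if script.lower().endswith(SCRIPT_EXTS) and USER_WRITABLE.search(script):
            alerts.append(("script_host_user_path", ev["pid"], script))
    return alerts


def detect_script_host_network(events, net_events):
    """Any outbound connection whose owning PID is a script host (like the
    'blocklisted process makes network request' signature, path-independent)."""
    host_pids = {ev["pid"] for ev in events if _basename(ev["image"]) in SCRIPT_HOSTS}
    return [("script_host_network", n["pid"], f'{n["dst"]}:{n["port"]}')
            for n in net_events if n["pid"] in host_pids]


def detect_script_user_agent(lines):
    """Proxy requests carrying a User-Agent characteristic of a script host."""
    alerts = []
    for line in lines:
        m = re.search(r'"([^"]*)"\s*$', line)  # UA is the trailing quoted field
        if m and SCRIPT_UA.search(m.group(1)):
            alerts.append(("script_user_agent", line.split()[0], m.group(1)))
    return alerts


def run_detections(process_events, net_events, proxy_log):
    return (detect_script_host_launch(process_events)
            + detect_script_host_network(process_events, net_events)
            + detect_script_user_agent(proxy_log))


if __name__ == "__main__":
    for rule, subject, detail in run_detections(PROCESS_EVENTS, NET_EVENTS, PROXY_LOG):
        print(f"{rule:24} {subject!s:10} {detail}")
```

The path rule deliberately stays quiet on the signed maintenance script under Program Files, while the network rule fires on both wscript.exe instances, which is the trade-off the sandbox signature also makes: a script host talking to the network is worth a look regardless of where the script lives. The User-Agent rule only catches loaders that keep the COM default, so it complements rather than replaces the process-based rules.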

Network

MITRE ATT&CK Matrix
