Analysis
-
max time kernel
240s -
max time network
243s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
15-09-2022 10:02
Static task
static1
Behavioral task
behavioral1
Sample
Penetration_testing_agreement_sample (ei).js
Resource
win10-20220812-en
3 signatures
300 seconds
General
-
Target
Penetration_testing_agreement_sample (ei).js
-
Size
483KB
-
MD5
9fed4cdbb7eb659411081b724af1d526
-
SHA1
5fc431d3a90e8356a4ca2f0b04ff5eaab21f58b2
-
SHA256
d5f002f72d7727b2f4f862f7c1c110c40e83fb6d955b57d538b2a9c792f3db43
-
SHA512
63717d2fa15c30cb1fcc927ab526b1e2e552bf50024c5b6560ff8391b79c7bbe12e01c0abb230f4d6427474557a2628b2cdd1078c8ac983c96637cdec4554118
-
SSDEEP
6144:GQZmSuulaxl4khEfD3xA7Wiagmd4iLAmW46jSF:XChEfD3xviagmd4iLAmW46w
Score
10/10
Malware Config
Signatures
-
GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
-
Blocklisted process makes network request 3 IoCs
Processes:
wscript.exeflow pid process 5 2028 wscript.exe 7 2028 wscript.exe 9 2028 wscript.exe -
Script User-Agent 3 IoCs
Uses user-agent string associated with script host/environment.
Processes:
description flow ioc HTTP User-Agent header 5 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 7 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 9 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)