Analysis

  • max time kernel
    240s
  • max time network
    243s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15-09-2022 10:02

General

  • Target

    Penetration_testing_agreement_sample (ei).js

  • Size

    483KB

  • MD5

    9fed4cdbb7eb659411081b724af1d526

  • SHA1

    5fc431d3a90e8356a4ca2f0b04ff5eaab21f58b2

  • SHA256

    d5f002f72d7727b2f4f862f7c1c110c40e83fb6d955b57d538b2a9c792f3db43

  • SHA512

    63717d2fa15c30cb1fcc927ab526b1e2e552bf50024c5b6560ff8391b79c7bbe12e01c0abb230f4d6427474557a2628b2cdd1078c8ac983c96637cdec4554118

  • SSDEEP

    6144:GQZmSuulaxl4khEfD3xA7Wiagmd4iLAmW46jSF:XChEfD3xviagmd4iLAmW46w

Score
10/10

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

  • Blocklisted process makes network request (3 IoCs)
  • Script User-Agent (3 IoCs)

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Penetration_testing_agreement_sample (ei).js"
    • Blocklisted process makes network request
    PID: 2028

Network

MITRE ATT&CK Matrix

Downloads