Overview
Static (10)
0c7b24793e...16c.js    windows10-1703-x64
1e9892e969...191.js    windows10-1703-x64
2a4516fba8...e80.js    windows10-1703-x64
3482b8e3b2...dff.js    windows10-1703-x64
448be4416d...9b4.js    windows10-1703-x64
48b4247e1a...7c9.js    windows10-1703-x64
5fc30d2cb4...460.js    windows10-1703-x64
780451d05c...b6f.js    windows10-1703-x64
7816c4bdfc...c57.js    windows10-1703-x64
bc00599c45...ffd.js    windows10-1703-x64
Analysis (10)
max time kernel: 180s
max time network: 182s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 29-09-2022 10:29
Static task: static1

Behavioral tasks:
task           sample                                                                 resource
behavioral1    0c7b24793eb977294b87af72948a38f7872744a6aeb142054d56a91646e4f16c.js    win10-20220812-en
behavioral2    1e9892e96998cf1854d5778c8ef8d738c3b30ef9ed8f182df3b6e2a0329fa191.js    win10-20220812-en
behavioral3    2a4516fba848b3ef6190f6c3235e21972c68228c943ea2e2b843d9237b690e80.js    win10-20220812-en
behavioral4    3482b8e3b2eee3a0ea5f3905fa7902074332b4077e50d86ea89a2850f7657dff.js    win10-20220901-en
behavioral5    448be4416d86334bb1d167ce8ae9f488fefe680e75d68955fbea1e36cd9309b4.js    win10-20220812-en
behavioral6    48b4247e1a28c1159b8608588212f4cf49408039704c204b93f54abad56357c9.js    win10-20220812-en
behavioral7    5fc30d2cb4ce3b291396c89bdb153c12eb3263c2e84744bb9323b2d9f4c8c460.js    win10-20220812-en
behavioral8    780451d05ca663fbe10c0eba45205a7f1570ae8b00b74d8b04b7b2c10a628b6f.js    win10-20220901-en
behavioral9    7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57.js    win10-20220812-en
behavioral10   bc00599c450caca3d02adf1c35c3c6882797870c917d79059edc971c0a9ffffd.js    win10-20220812-en
General
Target: 7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57.js
Size: 483KB
MD5: c746d4689bc3110012e141d167a3da5d
SHA1: 4aa455a5914df357ea0821b4b2b6cf6216746d95
SHA256: 7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57
SHA512: f321bd439db19c2639a66b3e881b61bfbb3090845f89e5b94dcee983b10290a66befc9a5d37f65f386c37d7129ef17aed2f3b3c449f98dc6a5ae03829082397c
SSDEEP: 6144:ZQ2YXSTulaxl4khEfD1Dn7Giagmd4iLAmWR6b5F:fRhhEfD1Daiagmd4iLAmWR67
Malware Config
Signatures
GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

Blocklisted process makes network request (3 IoCs)
Processes:
flow   pid    process
6      2764   wscript.exe
8      2764   wscript.exe
10     2764   wscript.exe

Script User-Agent (3 IoCs)
Uses user-agent string associated with script host/environment.
Processes:
description               flow   ioc
HTTP User-Agent header    6      Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header    8      Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header    10     Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)