Analysis Overview
SHA256
21933fcbd4c383e82fa9b32f31609e1c6685b763ed5d8258f19862cb2016fcf5
Threat Level: Known bad
The file invoice regulation documentation.JPG.js was found to be: Known bad.
Malicious Activity Summary
WSHRAT
Blocklisted process makes network request
Looks up external IP address via web service
Enumerates physical storage devices
Script User-Agent
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-24 07:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-24 07:50
Reported
2022-11-24 07:53
Platform
win7-20221111-en
Max time kernel
145s
Max time network
170s
Command Line
Signatures
WSHRAT
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | WSHRAT|409F1942|VZODHOJJ|Admin|Microsoft Windows 7 Ultimate |plus|nan-av|false - 24/11/2022|JavaScript-v3.4|NL:Netherlands | N/A | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\invoice regulation documentation.JPG.js"
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | ip-api.com | udp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 8.8.8.8:53 | goodies.dynamic-dns.net | udp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
| N/A | 85.208.136.19:1604 | goodies.dynamic-dns.net | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-24 07:50
Reported
2022-11-24 07:51
Platform
win10v2004-20221111-en
Max time network
14s