Analysis
-
max time kernel
28s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
21/12/2022, 20:41
Static task
static1
Behavioral task
behavioral1
Sample
Document_21_dec-3195514.js
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Document_21_dec-3195514.js
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
Document_21_dec-3195514.js
-
Size
2KB
-
MD5
110182af5de5ca4bcce957d035050edb
-
SHA1
a2c11bb4cce51d332ab0638748efaf74c6b39a3a
-
SHA256
ff60690b611acd9b5386b5fba7da53f3e3b0a58760842e249c0ad2a0fbb46a03
-
SHA512
b7e6297c481d19a39113dc0306b7fb5319a9cb9e7035644f6517488d4fcf172f13396120a455dd3b16c17db5e686b70c923f1981c0fadc994a1e0ccd453524f7
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
flow pid Process 4 1108 msiexec.exe 5 1108 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 34 IoCs
description pid Process Token: SeShutdownPrivilege 1160 wscript.exe Token: SeIncreaseQuotaPrivilege 1160 wscript.exe Token: SeRestorePrivilege 1108 msiexec.exe Token: SeTakeOwnershipPrivilege 1108 msiexec.exe Token: SeSecurityPrivilege 1108 msiexec.exe Token: SeCreateTokenPrivilege 1160 wscript.exe Token: SeAssignPrimaryTokenPrivilege 1160 wscript.exe Token: SeLockMemoryPrivilege 1160 wscript.exe Token: SeIncreaseQuotaPrivilege 1160 wscript.exe Token: SeMachineAccountPrivilege 1160 wscript.exe Token: SeTcbPrivilege 1160 wscript.exe Token: SeSecurityPrivilege 1160 wscript.exe Token: SeTakeOwnershipPrivilege 1160 wscript.exe Token: SeLoadDriverPrivilege 1160 wscript.exe Token: SeSystemProfilePrivilege 1160 wscript.exe Token: SeSystemtimePrivilege 1160 wscript.exe Token: SeProfSingleProcessPrivilege 1160 wscript.exe Token: SeIncBasePriorityPrivilege 1160 wscript.exe Token: SeCreatePagefilePrivilege 1160 wscript.exe Token: SeCreatePermanentPrivilege 1160 wscript.exe Token: SeBackupPrivilege 1160 wscript.exe Token: SeRestorePrivilege 1160 wscript.exe Token: SeShutdownPrivilege 1160 wscript.exe Token: SeDebugPrivilege 1160 wscript.exe Token: SeAuditPrivilege 1160 wscript.exe Token: SeSystemEnvironmentPrivilege 1160 wscript.exe Token: SeChangeNotifyPrivilege 1160 wscript.exe Token: SeRemoteShutdownPrivilege 1160 wscript.exe Token: SeUndockPrivilege 1160 wscript.exe Token: SeSyncAgentPrivilege 1160 wscript.exe Token: SeEnableDelegationPrivilege 1160 wscript.exe Token: SeManageVolumePrivilege 1160 wscript.exe Token: SeImpersonatePrivilege 1160 wscript.exe Token: SeCreateGlobalPrivilege 1160 wscript.exe
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\Document_21_dec-3195514.js1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1160
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
PID:1108