Overview

overview

8

Static

static

Sprawls.cmd

windows7-x64

1

Sprawls.cmd

windows10-2004-x64

8

Unpreposse...re.wsf

windows7-x64

8

Unpreposse...re.wsf

windows10-2004-x64

8

Unpreposse...ty.jpg

windows7-x64

3

Unpreposse...ty.jpg

windows10-2004-x64

3

semihonorS...ng.cmd

windows7-x64

1

semihonorS...ng.cmd

windows10-2004-x64

8

semihonorS...th.jpg

windows7-x64

3

semihonorS...th.jpg

windows10-2004-x64

3

semihonorS...ck.jpg

windows7-x64

3

semihonorS...ck.jpg

windows10-2004-x64

3

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2022 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UnprepossessedRockeries/Outscout/OvervehemenceSeparatrices/CoffeaReaspire.wsf

  • Size

    26KB

  • MD5

    1284537ec66f1bab477c9056a93246a5

  • SHA1

    f2063fcc7dafa9792ed89a896b456360cd7d2f86

  • SHA256

    7d1ddf96998fcdbed9df8de4e9c3241bfecdfa60f32d3f85513d9ead0a360d69

  • SHA512

    c3d27ea9d52ff540359ada8621a7adb3d14fb780defce7f754b8ffacb768525fa3e10354582e8bfcb4c0016eeb9c753408bcc747738d3eb741e6996f3549b25c

  • SSDEEP

    384:jH7uE5WXlZVpBWHeCpCmLd3+vGiXsTR3Pb+CX826Pwc+dYVhor7vm:jKjlc8vGiYf826Pwc+d8W7vm

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\UnprepossessedRockeries\Outscout\OvervehemenceSeparatrices\CoffeaReaspire.wsf"
    1⤵
    • Blocklisted process makes network request
    PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1700-54-0x000007FEFB6F1000-0x000007FEFB6F3000-memory.dmp

    Filesize

    8KB

    Download