Analysis

  • max time kernel
    91s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/03/2023, 13:30 UTC

General

  • Target

    Fattura 3567 2023-400934.js

  • Size

    6KB

  • MD5

    548feb99e9ac3da410fc8ee0e7cff461

  • SHA1

    09064face8d5a7449eedcf62f95ffe2551c4eae8

  • SHA256

    78668f256b67a4e48db0cca31862f0eca33012348f017c421c00887a9b8e5ff2

  • SHA512

    6dd33fa52a99e71382aef8e18b0d3d27634da16764ad975af7f6b6da7281ea8897b530ef21540ded2cd84c4001f29d323f07a028bff801c5b16903bf81a0bbde

  • SSDEEP

    192:M/fnUwLR8EzDM9a9gJ3txMtiN7fPLrFaLc:dY4Mi5n/

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Fattura 3567 2023-400934.js"
    • Blocklisted process makes network request
    PID:3152

Network

  • US
    DNS
    centarial.com
    wscript.exe
    Remote address:
    8.8.8.8:53
    Request
    centarial.com
    IN A
    Response
    centarial.com
    IN A
    91.213.50.60
  • RU
    GET
    http://centarial.com/documento.php
    wscript.exe
    Remote address:
    91.213.50.60:80
    Request
    GET /documento.php HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: centarial.com
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx
    Date: Thu, 23 Mar 2023 13:30:11 GMT
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 215
    Connection: keep-alive
    Keep-Alive: timeout=60
  • US
    DNS
    60.50.213.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    60.50.213.91.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    126.131.255.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.131.255.8.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    20.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.160.190.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    76.38.195.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.38.195.152.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    176.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.122.125.40.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    97.97.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.97.242.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • US
    DNS
    203.151.224.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.151.224.20.in-addr.arpa
    IN PTR
    Response
  • 91.213.50.60:80
    http://centarial.com/documento.php
    http
    wscript.exe
    344 B
    539 B
    4
    3

    HTTP Request

    GET http://centarial.com/documento.php

    HTTP Response

    403
  • 20.189.173.9:443
    322 B
    7
  • 8.8.8.8:53
    centarial.com
    dns
    wscript.exe
    59 B
    75 B
    1
    1

    DNS Request

    centarial.com

    DNS Response

    91.213.50.60

  • 8.8.8.8:53
    60.50.213.91.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    60.50.213.91.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    126.131.255.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    126.131.255.8.in-addr.arpa

  • 8.8.8.8:53
    76.38.195.152.in-addr.arpa
    dns
    72 B
    143 B
    1
    1

    DNS Request

    76.38.195.152.in-addr.arpa

  • 8.8.8.8:53
    20.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    20.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    176.122.125.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    176.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    97.97.242.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.97.242.52.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    203.151.224.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    203.151.224.20.in-addr.arpa

MITRE ATT&CK Matrix
