cffd407a2d61f8a7f65cc06ec4fdcd7ef4e9f8ddeb464f1b8bd0a58d90a377bc

Analysis

max time kernel
148s
max time network
39s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/04/2023, 01:13

Target

0df05fb645c21efe2ca3d955b82e24369238355bcd54f593ba8643b639a543af.js
Size

213KB
MD5

311ef1f6a6172d92cc3e25ef956da75b
SHA1

6dc2284e6668d462a3122e924b88fc1cdf28b07d
SHA256

0df05fb645c21efe2ca3d955b82e24369238355bcd54f593ba8643b639a543af
SHA512

c05343a9a33b834facb96a5119424a46f5e41d13cb30e148056cd47ab29b24f624eba3c16724f148ebbd543a7f5c81fe07148dd46b4d3c3df0eefe23815bec75
SSDEEP

3072:GQyejZErck/3o6u5KyLpR7OaaEZERx4Rzt2OeMHuK3xM3pqBw/4wohXG0RFA:GQyTrC5K2pR7OaHZyxGXIy0k2uA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 864	1932	wscript.exe	28
PID 1932 wrote to memory of 864	1932	wscript.exe	28
PID 1932 wrote to memory of 864	1932	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\0df05fb645c21efe2ca3d955b82e24369238355bcd54f593ba8643b639a543af.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\vsfgrsadkn.txt"
  2⤵
  PID:864

C:\Users\Admin\AppData\Roaming\vsfgrsadkn.txt

Filesize
92KB

MD5
391907cc91179ada8c93dfb70cf2fa56

SHA1
da55acbf6aafe2f376bf4ebd3ff8fbf99cf4966d

SHA256
20ad6197b8d0b6b2764f90ef38bace3e230cb2878db9a30778db0e4ef042a039

SHA512
931c419c6fff67cc0973eaa67c771aafa573ad5875b1db93ed4ec52e1f20f7e567a0f7c44d916de1d8e77407fe83eb2418fc9c0ba457bd05ef1f742bc4ed0afc

Download Submit
memory/864-65-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/864-66-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/864-88-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download