7013cd71275ccdc3bbd9c21a043111507f17db8173d9723d332d1e11803feb5b

Analysis

max time kernel
146s
max time network
42s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/05/2023, 10:27

Target

PO.161015-AGS_510160523.js
Size

353KB
MD5

f8c4a9e4b862da35ef71561b554074d9
SHA1

1ae85604c744b89b876454e8a315e5a366d56813
SHA256

7013cd71275ccdc3bbd9c21a043111507f17db8173d9723d332d1e11803feb5b
SHA512

3a62d1c85759a09b149ea6e7faeb7a65a11b1ea013b170204df2711511df71bdb4c99ea0bd74c715e1ef4f4c2588a5cc83a0bd258d780b5cf47f67ab0867b8da
SSDEEP

6144:9xG6v+R0VRo9HC8PUYDvD9otmMmSopMauXpYb538jXCEzz+cgwt0+oaODwA6ycDq:Xvah9HtPqtBm53ijXCCMwWZiGqyv

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 316	1680	wscript.exe	28
PID 1680 wrote to memory of 316	1680	wscript.exe	28
PID 1680 wrote to memory of 316	1680	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\PO.161015-AGS_510160523.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\psfdlpoq.txt"
  2⤵
  PID:316

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\psfdlpoq.txt

Filesize
164KB

MD5
d12213e0d90b8da434b471226a23b466

SHA1
00217f8e6e4281ae7bc640fe9a50a064536e223b

SHA256
6286eaa1a554462042ec633f47e9f46c6d85529bff031531d269a1b03ff72c93

SHA512
af4b92e9e9ac9b5c1a3b9732428ead2bd8f5ab3499208d17200382af5b671de7a60e142aa357ebb03bbb3dec2f57a06c777ef19dea5ee835e08a1ee07c73da21

Download Submit
memory/316-65-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-72-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-73-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-75-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-76-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-79-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-81-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-86-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/316-91-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download