Overview

overview

10

Static

static

1

doc_C604_May_31.js

windows7-x64

1

doc_C604_May_31.js

windows10-2004-x64

10

Analysis

  • max time kernel
    365s
  • max time network
    401s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2023 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    doc_C604_May_31.js

  • Size

    4KB

  • MD5

    69bb6dccea92cd67d4d00ede99cbe684

  • SHA1

    3e6c99720de035fb52b889b6942386fecf3d2627

  • SHA256

    c32a4139aa0371e89f88db1a78e7ba8c4c32428bd8f228bf02fb55b61e13f601

  • SHA512

    1a5ca09a282a85b58eb7f0e751aa341c8202ace3664503b0fe243f45e1d8c9a0243a3dbe0fc4431ab81171bef835d5e62d5a156d563a008240b50815d9515d5a

  • SSDEEP

    48:s5H94NqzqFFNo2UkkVwRb46mfZmfnmf79Rkc3iKdHeSxFKV34ZjAifofof67KLmO:K4NqzqFFNx9bFMBlFmUAAVSFSsW

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\doc_C604_May_31.js
    1⤵
    • Blocklisted process makes network request
    PID:4716
  • C:\Windows\system32\conhost.exe
    conhost.exe conhost.exe conhost.exe rundll32.exe C:\Users\Public\hews.dat,next
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:3640
    • C:\Windows\system32\conhost.exe
      conhost.exe conhost.exe rundll32.exe C:\Users\Public\hews.dat,next
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3756
      • C:\Windows\system32\conhost.exe
        conhost.exe rundll32.exe C:\Users\Public\hews.dat,next
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2532
        • C:\Windows\system32\rundll32.exe
          rundll32.exe C:\Users\Public\hews.dat,next
          4⤵
            PID:1144

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads