Overview

overview

10

Static

static

1

document_D...n_1.js

windows7-x64

1

document_D...n_1.js

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-06-2023 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    document_D031_Jun_1.js

  • Size

    4KB

  • MD5

    efd208fb9a84c84acdef2522efb1891a

  • SHA1

    8da8243836efb550151fcd4802bd4cd932ef8afc

  • SHA256

    7eb793c1efab64ad1d6941a96f32bb241f5980f8f4f57f8049c82dbcb609078e

  • SHA512

    af983ef936d16f0066d804b2e751bb50750c52bf3799dbd61072480f71f1fb3d40c4aceab380f5dfcc4db3d04f26e4677040082b19814585651434553a66a4ee

  • SSDEEP

    48:1EenqUi+lDuBxHbI+mfIpGC2mfDioNnC2mfDizaqNgj5b3V+KcdPkdFKVX4Hifoj:Wai+hEbppBuBj/chGFmYA3YRo+

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\document_D031_Jun_1.js
    1⤵
    • Blocklisted process makes network request
    PID:3832
  • C:\Windows\system32\conhost.exe
    conhost.exe conhost.exe conhost.exe rundll32.exe C:\Users\Public\unhandled.dat,next
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:4968
    • C:\Windows\system32\conhost.exe
      conhost.exe conhost.exe rundll32.exe C:\Users\Public\unhandled.dat,next
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Windows\system32\conhost.exe
        conhost.exe rundll32.exe C:\Users\Public\unhandled.dat,next
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3668
        • C:\Windows\system32\rundll32.exe
          rundll32.exe C:\Users\Public\unhandled.dat,next
          4⤵
            PID:4264

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads