Overview

overview

10

Static

static

1

document_A...n_2.js

windows7-x64

1

document_A...n_2.js

windows10-2004-x64

10

Resubmissions

02/06/2023, 13:35

230602-qvz97sbf23 10

02/06/2023, 13:33

230602-qtmygsbe97 10

Analysis

  • max time kernel
    81s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2023, 13:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    document_A614_Jun_2.js

  • Size

    4KB

  • MD5

    230443f8af047c8b4597903328500b43

  • SHA1

    ce7861a9fca90884c3e34ef99507a59fd636153f

  • SHA256

    c6aab235f1835b6a4ac64c0293f9814c0bac0f5b99e5ae345ad1c1dee5e5c408

  • SHA512

    ca3dec226aedd3fff58daefdc35fa49fd8639cdb9e5f9b8d097799b3a1e5d12230ef85b3d32e249e0066ee0a2345ed6a7019a7bffa8123fd8e0008a9d8d2273d

  • SSDEEP

    96:tt6seA96t3/y/H/CgWn2JUeSVKFmopZ4z2V9:tt6TA96t3/y/H/CB2IVkWz+

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\document_A614_Jun_2.js
    1⤵
    • Blocklisted process makes network request
    PID:2432
  • C:\Windows\system32\conhost.exe
    conhost.exe conhost.exe conhost.exe rundll32.exe C:\Users\Public\quiescence.dat,next
    1⤵
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:3860
    • C:\Windows\system32\conhost.exe
      conhost.exe conhost.exe rundll32.exe C:\Users\Public\quiescence.dat,next
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4032
      • C:\Windows\system32\conhost.exe
        conhost.exe rundll32.exe C:\Users\Public\quiescence.dat,next
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:468
        • C:\Windows\system32\rundll32.exe
          rundll32.exe C:\Users\Public\quiescence.dat,next
          4⤵
            PID:2648

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads