Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-06-2023 23:47

General

  • Target

    Inv_Scan_06_15(72).js

  • Size

    797KB

  • MD5

    5f67a2c149401addd1224a4f1c191d07

  • SHA1

    d0a229b6d14fd3c32c8f696b97717b86644c1b6b

  • SHA256

    92506fe773db7472e7782dbb5403548323e65a9eb2e4c15f9ac65ee6c4bd908b

  • SHA512

    7a68e3057abdbe9892b6217ed1ed9a39fd63811446e16ab5e3056ac6c0ce08a15b9052c1288dc6f0af72939112fdf02cf2999749d665a91ec4ecf1aeae8ac21f

  • SSDEEP

    24576:Gpt/GAh0WbGhCxS2f1Tyj53rpeMnaEEfutJAFMMGDhRvu4nMJUTe1ka6MdF2lXSh:Aw7WbGhCxS2f1Tyj53rpeMnaE6utJAFF

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Inv_Scan_06_15(72).js
    1⤵
    • Blocklisted process makes network request
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\145665.dat,vcab /k snickers328
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3392
    • C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\983813.dat,vcab /k snickers328
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4904

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\145665.dat

    Filesize

    314KB

    MD5

    9b71e0314206a22824afff1c4ccf42fd

    SHA1

    e7188f764c5e0f6986375332382a707fdb426247

    SHA256

    22913d02c0c67bc3f3185b8424680216df36ecd76fd16c242cc55ee80cd8d90b

    SHA512

    1795f3a5a37bae9a87d072fa1613ed90edf54a80c02c176e1c52f06e0dd9625943853cd1c2e7b219cfb60e37c89cbe38671a147b6876c4b6ed1f8574f6fc8f83

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\983813.dat

    Filesize

    314KB

    MD5

    951270cf894d77cd3673b3a57b045c92

    SHA1

    889ad6be587ed3ad7df97599a170f59f095a1e98

    SHA256

    647c82b4abec0bf581e391d1c6f59ececd224079414b8366b6e6a7bff682d4b0

    SHA512

    adf27637d4ef4883a1e5627f9ef6af04e56c6f74404bbea8be07b8e0b16290ac9b45ab117dc2f848b62888c7eb73e4d985e31aaa2d921c582ba7630afd4738a7

  • memory/3392-147-0x000001B32B910000-0x000001B32B914000-memory.dmp

    Filesize

    16KB