Analysis
max time kernel: 146s
max time network: 151s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 15-06-2023 12:33
Static task: static1
Behavioral task: behavioral1
Sample: 05260499.js
Resource: win7-20230220-en
4 signatures
150 seconds
General
Target: 05260499.js
Size: 346KB
MD5: 1c50a0279d38af4da4d39a9287096ca6
SHA1: 767180b03827b30622691670f0814f40f47ccfe8
SHA256: f0859092ba6f050b746556c0957dfc4d0faa35ffade29ad199d028cb6e14c9bc
SHA512: 2d30a9f332f5a38bd2551986bd976d6cf9a75ed2600a76de48113e2c840ebf831624bcef801c74623c33429f56efbbdcf0b73528661ce82207f808cfb35e2eaa
SSDEEP: 6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV860:eQ3B7qgpB
Malware Config
Signatures
Blocklisted process makes network request 16 IoCs
flow  pid   Process
4     1972  wscript.exe
5     1972  wscript.exe
6     1972  wscript.exe
9     1972  wscript.exe
10    1972  wscript.exe
11    1972  wscript.exe
13    1972  wscript.exe
14    1972  wscript.exe
15    1972  wscript.exe
17    1972  wscript.exe
18    1972  wscript.exe
19    1972  wscript.exe
21    1972  wscript.exe
22    1972  wscript.exe
23    1972  wscript.exe
25    1972  wscript.exe
Drops startup file 2 IoCs
description                   ioc                                                                                         Process
File created                  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\05260499.js  wscript.exe
File opened for modification  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\05260499.js  wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).