Analysis

  • max time kernel
    48s
  • max time network
    111s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/06/2023, 15:24

General

  • Target

    document_DB798_Jun_15_3.js

  • Size

    5KB

  • MD5

    ccbcf7f0c1a6cf533bea8c541cec65c8

  • SHA1

    66508c03201f46e065e78e6cbe01e5715e4f764c

  • SHA256

    d892f064fd53f65d347124c052e58a7c6f317f759a52d4da23aa8a141cd55890

  • SHA512

    e0655d0b9b9b804adb81cf7a27b3f5cd74b6fb84d402a52ed9279cfe88f7ecbe560c0b2d01ed5a98ba87fa780b8c547e5785f3a47300ad42ed8ac4224bd60385

  • SSDEEP

    96:EVUHZFSYQYGZjTqH8v/2TuFxD78H8v/2TTxDe7MDsyEBD3MTQyeyZqg1WuTQyv3Q:WB/8o/8iB8ZG

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\document_DB798_Jun_15_3.js
    1⤵
    • Blocklisted process makes network request
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\System32\conhost.exe
      "C:\Windows\System32\conhost.exe" rundll32.exe c:\users\public\tangier.tmp,must
      2⤵
        PID:1548

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2032-67-0x00000000035C0000-0x00000000035C1000-memory.dmp

      Filesize

      4KB