Analysis
-
max time kernel
70s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20230621-en -
resource tags
arch:x64 arch:x86 image:win7-20230621-en locale:en-us os:windows7-x64 system -
submitted
21-06-2023 13:31
Static task
static1
Behavioral task
behavioral1
Sample
05734699.js
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
05734699.js
Resource
win10v2004-20230621-en
General
-
Target
05734699.js
-
Size
352KB
-
MD5
b662081c24306347fe96b0461cac1c76
-
SHA1
cf8a471dba51c21fd65cd5a0794654952a7559d1
-
SHA256
989ce4d82fd24dbd20f261ec89891f90756b404e98364108517d897113dfd302
-
SHA512
8c2bac8ef44d597e611018da40f8417d4114d0001061a278844177048356794f1a8a9e1cf8720aefca00e4f4d792f6357baa54d3c7e6b519e3570c31e04cf8d2
-
SSDEEP
6144:NJrV1fMvYNeDXN+2nQZw8eCBKBSB6G9tJsD5rPTb4hYWKv16SK4jfQ7577:NJx1fMvHuZHeCogYD5OYWEwX
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
wscript.exe
description                         pid    process        procid_target
PID 2012 wrote to memory of 1936    2012   wscript.exe    28
PID 2012 wrote to memory of 1936    2012   wscript.exe    28
PID 2012 wrote to memory of 1936    2012   wscript.exe    28
Processes
-
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\05734699.js
- Suspicious use of WriteProcessMemory
PID:2012 -
  C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\gyhrjtqqd.txt"
  PID:1936
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
164KB
MD5 e42e41dca87067441bf95942122244ef
SHA1 b322424df5aec8e114bf9fcf179884db9722eeda
SHA256 3aaca9e3fafd07c13175168d00a2d3fc4c7837990da32d5d80eb14303d53b132
SHA512 2f40e875a916b56b6acd099192824fd52d3cb4b2aac785d7c6e80c45b98971e7fed7790f4ada946b0520180d2dd0819867ab326324bae50c04ba514c8d9aca5e