Analysis

  • max time kernel
    70s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230621-en locale:en-us os:windows7-x64 system
  • submitted
    21-06-2023 13:31

General

  • Target

    05734699.js

  • Size

    352KB

  • MD5

    b662081c24306347fe96b0461cac1c76

  • SHA1

    cf8a471dba51c21fd65cd5a0794654952a7559d1

  • SHA256

    989ce4d82fd24dbd20f261ec89891f90756b404e98364108517d897113dfd302

  • SHA512

    8c2bac8ef44d597e611018da40f8417d4114d0001061a278844177048356794f1a8a9e1cf8720aefca00e4f4d792f6357baa54d3c7e6b519e3570c31e04cf8d2

  • SSDEEP

    6144:NJrV1fMvYNeDXN+2nQZw8eCBKBSB6G9tJsD5rPTb4hYWKv16SK4jfQ7577:NJx1fMvHuZHeCogYD5OYWEwX

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\05734699.js
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\gyhrjtqqd.txt"
        PID:1936

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Roaming\gyhrjtqqd.txt

      Filesize

      164KB

      MD5

      e42e41dca87067441bf95942122244ef

      SHA1

      b322424df5aec8e114bf9fcf179884db9722eeda

      SHA256

      3aaca9e3fafd07c13175168d00a2d3fc4c7837990da32d5d80eb14303d53b132

      SHA512

      2f40e875a916b56b6acd099192824fd52d3cb4b2aac785d7c6e80c45b98971e7fed7790f4ada946b0520180d2dd0819867ab326324bae50c04ba514c8d9aca5e

    • memory/1936-65-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

    • memory/1936-66-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB