Analysis
max time kernel: 105s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-06-2023 17:21
Static task: static1

Behavioral task: behavioral1
Sample: BSN-40367275.js
Resource: win7-20230621-en, windows7-x64
8 signatures
150 seconds

Behavioral task: behavioral2
Sample: BSN-40367275.js
Resource: win10v2004-20230621-en, windows10-2004-x64
3 signatures
150 seconds
General
Target: BSN-40367275.js
Size: 342KB
MD5: 826bef7cc89f65b8c9422d3bc8b88980
SHA1: 34f366649a2daa6dee83dc972890f03dfec8b9b6
SHA256: e5a4d28b196efa6e4c971985f28f9468ffe167a963358a46498992fbf529e5a9
SHA512: 78500e2bcf9035d9b61ca3042d7ba0d9c10f22f69dcd0bfff5ef0cce45582b2d2ac450d4eda4bb2f380154540efc81deefbcc54989b45b304b1c8f12c2aa1941
SSDEEP: 6144:bcFYID3OLgu44c/3F1amoAk5MuXvCG8YtnZ593e:fIS1xb6
Score: 7/10
Malware Config
Signatures
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
wscript.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000\Control Panel\International\Geo\Nation | wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
wscript.exe
description | pid | process | target process
PID 3816 wrote to memory of 4188 | 3816 | wscript.exe | cmd.exe
PID 3816 wrote to memory of 4188 | 3816 | wscript.exe | cmd.exe