70118cb601728b6d25a321a9534a285da32caea03c68f98336a75afd73a78df4 | Triage

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 01:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

rich_editor2.js
Size

37KB
MD5

9720549ab5b438f2c3657dd71a12514b
SHA1

893ac959722e07b76280e55ad25ea6aae61c4d5e
SHA256

d3040ee10ab3b319f128b979881d28426af648a8195c884c3da582158975b44c
SHA512

e3ccfa302ae69b3fe6b7d831a1bb67ed0d66e0e0409b5cb54076c4a7de0ecb2eb2aab5c578f352ad43d50abc11a515e53297ea51999ee7e810a10653bc774bdb
SSDEEP

768:wMQwXob9I2ronfI051+rArCArNzs3szC0Q:w5ugAfI051+w3NW70Q

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7230646E-0BF0-4C51-9146-7AB53200EC4F}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F8CFAA87-9D8F-40F4-8BF5-B0330DB30647}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E79EA4C5-DA1F-4E20-8D16-B1C9F49C933B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F7DAF002-B3C2-4479-A25B-1B50D93497AF}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F2F96AF3-21E6-4D5A-BAC7-1C046F5B494C}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{EBF4DF80-94D7-4C10-8DCB-F922B7A62930}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{58EE964C-7A2C-438A-A67D-400580766F81}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{29A1E36C-CD7F-4C26-B96A-C76879F6096E}.catalogItem	svchost.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rich_editor2.js
1⤵
PID:816

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads