Analysis

  • max time kernel
    315s
  • max time network
    888s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/07/2023, 22:35

General

  • Target

    Browser_update.js

  • Size

    1.1MB

  • MD5

    c2d28d7c0d207d192595770e3af05063

  • SHA1

    d48e522b518af2816b73f6a5ca345cd43ad2ea62

  • SHA256

    1a011068e00ff24aaef338efc5d21f51abbf47cf1f1006b1b79c78bc84b1d3c6

  • SHA512

    8871c12eb7de197f354be78ddce3db0f9f70e73bcc02e75be7b10759df43944e7adcf37d35224400847e6701d6b735010921f0da4d54d841813460837e42ca86

  • SSDEEP

    24576:dUbU9UbU9UbU9UbU9UbU9UbU9UbU9UbU9UbU9UbUwUbU9UbU9UbUH:dUbU9UbU9UbU9UbU9UbU9UbU9UbU9Ub7

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Browser_update.js
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:4652
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c C://ProgramData//UZlBsgwKyDcmKyPUIdMweSXYzWtz.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4808
      • C:\Windows\system32\cmd.exe
        cmd.exe /c C:\ProgramData\sett.bat"
        3⤵
          PID:4744
        • C:\Windows\system32\cmd.exe
          cmd.exe /c C:\ProgramData\7z.bat"
          3⤵
            PID:4400
          • C:\Windows\system32\cmd.exe
            cmd.exe /c C:\ProgramData\2.bat"
            3⤵
              PID:4884
            • C:\Windows\system32\cmd.exe
              cmd.exe /c C:\ProgramData\2.bat"
              3⤵
                PID:2244

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\2.bat

            Filesize

            232B

            MD5

            6011bc3aa00cc9eefa63bd07c9676678

            SHA1

            9c8fb9c006ab9787254bd6ade3194a90c24d66c9

            SHA256

            5a8a48a2be136200954f5f81de68363d5dd8c82489dacae5d6b717b598634079

            SHA512

            93869d542de437ce4514c745153284163305256f4673139a91ce9253ea329941b1fc273ccb3c0a2710e761ad41698a3f96ea0a5516ab3f436a5ead82572d36ba

          • C:\ProgramData\7z.bat

            Filesize

            239B

            MD5

            67404b0103100e3452532b69a46aa33f

            SHA1

            4bc62bfaecc1a4c5c95d906e2b64e161933f9965

            SHA256

            6f1624a63e0713b8c0f86a461e9ce955f0d7eef8d4d3cdacf0b79e3ae843f19c

            SHA512

            4c7f3e63746179413915f308dea04cf668f909a4111caa479b633587137483ff7af548e2aab7180617cc5a6363884151f546a58b0b40a7bdb7edc3024bb26989

          • C:\ProgramData\UZlBsgwKyDcmKyPUIdMweSXYzWtz.bat

            Filesize

            9KB

            MD5

            4b2794840b114be5011da81ad4c462d8

            SHA1

            66cf9461efa6fb1e55af037515121d2a856670ac

            SHA256

            60dbaed2358a02ed2102cc2158c05fce9bba87674d68f1114198423bd8460a93

            SHA512

            28d60ca188d99af1e6338d97cbcde497f5325c1a7da132b7d8f9c29a630d93570b488db40bc3ded89fa96c04153298b6a15128f641fcb1134cfa8d933d9e8b2c

          • C:\ProgramData\sett.bat

            Filesize

            248B

            MD5

            7d1c3743cb7af1f479ef8a94c1dc44da

            SHA1

            228abfe62f4f166bb0881e273c2bd6bffb3167d4

            SHA256

            434d977609d8c580895a2b3b74f0948e2670bdeef5d06a1325c4940264b95f6c

            SHA512

            e00f310e0c09b0e78ee98e8c1efdbb2caf6cac0e5fde51536123443f54f271c0232b4521c02de5083eb18cc03d350d37a0cb1ed2da58c6a0830b5462def34276