Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted
    13/07/2023, 07:45

General

  • Target

    1d968b0e5f512876017c4590e8a7071b.js

  • Size

    630KB

  • MD5

    1d968b0e5f512876017c4590e8a7071b

  • SHA1

    37952c52b092c1d0319b8016913a9340dc2caad1

  • SHA256

    631ed08785e89b480ba6509fb6e465d69cf6595a3f4da869fbdf4a9c97fd80ad

  • SHA512

    54e08f66135eed6cc2821c02c847bc073139d44369104e9a76f2433d12d5ebf73ef4a500a2b417f8d4fba53af590961a740d6f9b87a9157aa5e159623448b7db

  • SSDEEP

    12288:z4rXYBFMCcYF+jCwPkxFz1Wwl8wl/wl/wl/wl/wlVOzAqgbIW:tBFMCcYLrlTlololololR

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request (5 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store (2 TTPs, 6 IoCs)
  • Suspicious use of WriteProcessMemory (15 IoCs)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\1d968b0e5f512876017c4590e8a7071b.js
    1⤵
    • Blocklisted process makes network request
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c C://ProgramData//VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Windows\system32\cmd.exe
        cmd.exe /c C:\ProgramData\sett.bat"
        3⤵
        PID:2724
      • C:\Windows\system32\cmd.exe
        cmd.exe /c C:\ProgramData\7z.bat"
        3⤵
        PID:1424
      • C:\Windows\system32\cmd.exe
        cmd.exe /c C:\ProgramData\2.bat"
        3⤵
        PID:2756
      • C:\Windows\system32\cmd.exe
        cmd.exe /c C:\ProgramData\2.bat"
        3⤵
        PID:2792
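
The process tree above is the pattern a detection should key on: a script host (wscript.exe running the submitted .js) spawns cmd.exe to execute a batch file staged under C:\ProgramData, and that batch file fans out into sett.bat, 7z.bat and 2.bat. Note the first command line is written as C://ProgramData//... with doubled forward slashes, so a rule that substring-matches C:\ProgramData\ misses the very process that starts the chain. The Python below is an added example, not part of this sandbox report or of the sample: it rebuilds the report's process tree as constructed process-creation records (PIDs, images and command lines as shown; parent PIDs inferred from the tree depth; the explorer.exe parent and the benign build.bat launch are constructed controls), normalizes paths before matching, and flags any cmd.exe that runs a .bat from C:\ProgramData and has a script host among its ancestors. Treating cscript.exe as a script host alongside wscript.exe is an assumption beyond what the page shows.

```python
import re

# Process-creation records reconstructed from the report's process tree.
# PIDs, image paths and command lines are the ones the report shows; parent
# PIDs follow from the tree depth. The explorer.exe parent (pid 1000) and the
# benign build.bat launch (pid 3000) are constructed controls, not from the report.
EVENTS = [
    {"pid": 1000, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 2296, "ppid": 1000, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\Admin\AppData\Local\Temp\1d968b0e5f512876017c4590e8a7071b.js"},
    {"pid": 2884, "ppid": 2296, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c C://ProgramData//VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.bat'},
    {"pid": 2724, "ppid": 2884, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c C:\ProgramData\sett.bat"'},
    {"pid": 1424, "ppid": 2884, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c C:\ProgramData\7z.bat"'},
    {"pid": 2756, "ppid": 2884, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c C:\ProgramData\2.bat"'},
    {"pid": 2792, "ppid": 2884, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c C:\ProgramData\2.bat"'},
    {"pid": 3000, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\Admin\src\build.bat"},  # constructed benign control
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # cscript.exe included by assumption
STAGING_DIR = "c:\\programdata\\"
# A drive-letter path ending in .bat, terminated by end of line, a quote or whitespace.
BAT_PATH = re.compile(r'[A-Za-z]:[\\/][^\s"]*?\.bat(?=$|["\s])', re.IGNORECASE)


def normalize_path(path):
    r"""Canonicalize a Windows path: strip quotes, fold forward slashes to
    backslashes, collapse repeated separators, lowercase. Both the
    C://ProgramData//x.bat and C:\ProgramData\x.bat spellings come out equal."""
    path = path.strip('"').replace("/", "\\")
    path = re.sub(r"\\+", r"\\", path)
    return path.lower()


def image_name(path):
    """Lower-cased file name of an image path."""
    return normalize_path(path).rsplit("\\", 1)[-1]


def bat_targets(cmdline):
    """Every .bat path referenced on a command line, normalized."""
    return [normalize_path(m.group(0)) for m in BAT_PATH.finditer(cmdline)]


def ancestry(pid, by_pid):
    """Walk ppid links upward from pid; stops at unknown pids or loops."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def naive_match(cmdline):
    """The check a first-draft rule would use; it misses the forward-slash form."""
    return "C:\\ProgramData\\" in cmdline


def detect(events):
    r"""Flag cmd.exe processes that run a .bat from C:\ProgramData and have a
    script host among their ancestors. One finding per matching process."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if image_name(ev["image"]) != "cmd.exe":
            continue
        staged = [b for b in bat_targets(ev["cmdline"]) if b.startswith(STAGING_DIR)]
        if not staged:
            continue
        hosts = [a for a in ancestry(ev["ppid"], by_pid)
                 if image_name(a["image"]) in SCRIPT_HOSTS]
        if hosts:
            findings.append({"pid": ev["pid"], "bat": staged[0],
                             "script_host_pid": hosts[0]["pid"]})
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"pid {f['pid']}: {f['bat']} (script host pid {f['script_host_pid']})")
```

Run against the reconstructed tree, all five cmd.exe processes (2884 and its four children) are flagged with 2296 as the script-host ancestor, while the constructed explorer.exe-launched build.bat is not; naive_match returns False for the C://ProgramData// command line that normalize_path handles.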

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\ProgramData\2.bat

    Filesize

      232B

    MD5

      6011bc3aa00cc9eefa63bd07c9676678

    SHA1

      9c8fb9c006ab9787254bd6ade3194a90c24d66c9

    SHA256

      5a8a48a2be136200954f5f81de68363d5dd8c82489dacae5d6b717b598634079

    SHA512

      93869d542de437ce4514c745153284163305256f4673139a91ce9253ea329941b1fc273ccb3c0a2710e761ad41698a3f96ea0a5516ab3f436a5ead82572d36ba

  • C:\ProgramData\7z.bat

    Filesize

      239B

    MD5

      67404b0103100e3452532b69a46aa33f

    SHA1

      4bc62bfaecc1a4c5c95d906e2b64e161933f9965

    SHA256

      6f1624a63e0713b8c0f86a461e9ce955f0d7eef8d4d3cdacf0b79e3ae843f19c

    SHA512

      4c7f3e63746179413915f308dea04cf668f909a4111caa479b633587137483ff7af548e2aab7180617cc5a6363884151f546a58b0b40a7bdb7edc3024bb26989

  • C:\ProgramData\VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.bat

    Filesize

      9KB

    MD5

      4b2794840b114be5011da81ad4c462d8

    SHA1

      66cf9461efa6fb1e55af037515121d2a856670ac

    SHA256

      60dbaed2358a02ed2102cc2158c05fce9bba87674d68f1114198423bd8460a93

    SHA512

      28d60ca188d99af1e6338d97cbcde497f5325c1a7da132b7d8f9c29a630d93570b488db40bc3ded89fa96c04153298b6a15128f641fcb1134cfa8d933d9e8b2c

  • C:\ProgramData\sett.bat

    Filesize

      248B

    MD5

      7d1c3743cb7af1f479ef8a94c1dc44da

    SHA1

      228abfe62f4f166bb0881e273c2bd6bffb3167d4

    SHA256

      434d977609d8c580895a2b3b74f0948e2670bdeef5d06a1325c4940264b95f6c

    SHA512

      e00f310e0c09b0e78ee98e8c1efdbb2caf6cac0e5fde51536123443f54f271c0232b4521c02de5083eb18cc03d350d37a0cb1ed2da58c6a0830b5462def34276

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

      344B

    MD5

      8597173fb06c0a127da5f3a348b9882c

    SHA1

      750cec3bb12469f292d889c6625bae3c13fa804a

    SHA256

      d333d865899aa17c389e4b3b227f15913d260d3dcae85b190770519dff568fd3

    SHA512

      f4ec7243c9ebccaa3aa628ff26191d7a0e0f1432a15d1d89613ad93ff8005169341319e9c8fa8da617a129d4d4da28fde1bbd4f2549e00383d5156aba7d3860d

  • C:\Users\Admin\AppData\Local\Temp\CabBCDB.tmp

    Filesize

      62KB

    MD5

      3ac860860707baaf32469fa7cc7c0192

    SHA1

      c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

      d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

      d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarBD1D.tmp

    Filesize

      164KB

    MD5

      4ff65ad929cd9a367680e0e5b1c08166

    SHA1

      c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

      c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

      f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27