23f0e5dac6ec64d61a3658b8bd10485070ba36200baff19e5634de68482d0265

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tested.js
Size

756B
MD5

0ee0c04ad84b7b09c6ee24525d214a9d
SHA1

10278412b27ac68ee173ddaabf88e2c7406ffb78
SHA256

23f0e5dac6ec64d61a3658b8bd10485070ba36200baff19e5634de68482d0265
SHA512

16a11957ec44e0401bbe2bc1dd97d44ee8dcba116fbfd1f7658fffa3da01ca407d5ea57b7f3930d0d533745496db8c765eed135f5e4421883fecc7faffc5a9dd

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B472D45D-EB7C-42CC-AA6D-AA7FCA568ADC}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\tested.js
1⤵
PID:2256

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsu7FA.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8b9169479df20e3db3e48bacfed7ff80

SHA1
232ea9da1c8b6be554ddb6887d7d95e46ec57f2b

SHA256
a3a504d7ce3fd4306f03da6ba7833f9e21dbf3932424bfe6d81993db72f74350

SHA512
e930c1d5c794a85a5d40244fd8df95e16f7e712feace6b3df5d695fdd3f9c8167a04ec81c6a610a6ced83aca8f8d50a9c75eeeb0d9a862f67d77d83f0dfb91d8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
a8bffe1e2c6d8e15c7e803c1ab0d2385

SHA1
8c20198b37708dae5f1de396664156be9236ea63

SHA256
486350b2745627872a77ab8cb1f54860464e54bd73e6c21824c903fdad96b594

SHA512
7aa6552b799759e889369989c2662e62ae11ba9814e61d5057aae35e27b5ee878d8d7a5be3215ee2ed325cf773050fdfb06a2e7a3d84593a1e035d1fe7118855

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
70c6b5232bf3bf73ab7f88d9af062b45

SHA1
efe5e34fb3b187ef28450e90c0bbc9decc75ef70

SHA256
683dbe9bf91e0ffc7988dca7efe677c9ca4009626df2cfe0f18e85daaeda0c97

SHA512
82ba9cac26e1970e577320aab880771492e209549d19df673ea310861a9508e9b1dcfa9caad8496e91c554de6443b4171aa31d205050f55c59fe151b66bd042c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d9689254140c4aaa293ecdeaa440e2f1

SHA1
41989b683641eee5f49cf1b2ca8127463db5b442

SHA256
e87119d32203ff5d29a7e1e1b58dcdafe208daee69018cff4df546aca55d18df

SHA512
c3626dc88d09c5660b7c2976497451bfe4df0e515099d22e5a18fede348dd3cb7cd60831ce29d35802808574d568adc3aa7abfcf11e32cec1d35c28400822957

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
89eee8d14fbd6d88c7cf5d0b48b92656

SHA1
bde5f816f4298341bce9d9da34062dc2c7f7868a

SHA256
4c5936dedf7af7faadbe43467b3c39b65fceae0638d95ef739329c9dd8863cb7

SHA512
848dc548d68a1945b12e2cbe69c8ee18ad56ebad99e3ecd734f658bb5c9436acc506567dc39b2275b1df02a46b8e7c9731535976196a1be4337e449a48bc861d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c09011ff72eaee9ae22a8f14db689fe0

SHA1
a175b04ed982d07783e6350af4c1411d65b47da1

SHA256
6aa7b192a18acc5e738f1ac1cc2d5274ef72139fff83f450dbe376e0a106ef48

SHA512
aa10b95e46ff0c72f5eeabc6d8a4d813df5db565b35b8e0c42a054277e4ae9a62d8512d6af0fe2169eb5c62a97c873fb39ce6e25ee2d89dca045e405b5f57a91

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
fb12a1e1054b03bf74a20c1a08bc2d34

SHA1
a86fff2a9183fec7cf901a74ec2878079c4dffb0

SHA256
1cb4817b3e9ec226334870f1954065f510c719ac34ed88c40584896a7fb0eaac

SHA512
932bb3f8730f396d93de10b62894d33d6b31f1203b1ffe04b2ad281aa71e27be43c9fab0e24bdad893f3f9236152d9ce292ec952586593f970d77fd7657021c1

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
9147695bbf6836b82b0c35adee9b4858

SHA1
b3f26a2983605e28bb9ee990b2b4282aa48257bb

SHA256
988504b68bb6c559f236b244c7e93a34b9d774c35668fcf559f07fbb7890c252

SHA512
365c8952299f5ad18960e637a7df01b0f988910bbe3a822cdcb069acb61082ef24563f96ea5a7d26de6d9237d4d96160ac9a86d114e114d18093a7928e1c5387

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
30768eca09176d4f160c04497d6c1d24

SHA1
6d16418a50fa1424fb67ba94ec9c210400b8402e

SHA256
88fb4680b5d234be0b2e995a89530c5f15d7b748ad07d55353f2c47cb7c6a87e

SHA512
fb1a9fb7fd3b7ff511cf91a085879fbd2c8f99512ba5a14790a2c4f308ec4726a5ff53228589d555069f8ba22b41b1890b4e7bf8757984d02e37ec528d849541

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
7ac7cae59048f8a8f7c884d04e8307da

SHA1
850d240dd6066f0f3ba03d737afff6445617db2d

SHA256
4cddfa21d6ef6b0a7867694b37abd5cc580573404cfe0b382fc60b00363b6231

SHA512
92d665bb381a2703b253581263a37d287619cd552fb87ff339e44050f74aa4ff4e10def8553e9fa56a0dc4c90182963903a6089fd69206848428ebf7ee0b3e65

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
15d7872ad685d041219112bb2ea68cab

SHA1
006f86ec3d5604c9087e956163913c89f48b2173

SHA256
911d349e92b921d623fc79bd8c3bdfc3448cf30b9267105f581b9cb5214ce5e1

SHA512
c0b11c342db7d0e7e13db31b3e15489406fb1f8b64e0d1f4bfbadef8e7d5a9b97761c04979c72882ec5225c5dd1f5f8a46bd8f318e07dac18e5633e371a0db15

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
fbe6f28e76ff2804a102e96a3b5c2d18

SHA1
3d68d3c013c90f152eda23fada4bd026be6a4d09

SHA256
4885bbc64d26639cbc89c3451caaa5d00829db6b084d10f216d57ab3abd2b5eb

SHA512
450038f983b25da28d0b8fbbd7cb7bc86f28514d93cde16dd74a57144872e543f2b627b0694e294a25a68ebdd2b43d0764b448b677784ff722845cfadb250d9e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ee6952685bb64a278672a71bab84c37e

SHA1
9c5771840b7bc5996b9492177ba61a545723d99e

SHA256
bd6c50365859742c79b7e96d67fbd152050c5f7b391170d372bada2b51659e2f

SHA512
7691646a62903aeaf09cd5242d0b537108c69ed61995b6d3b2a36765c91541b6d777d6fc2f2c0badcca1991cec3e33b06642ee196a2d7575919c20b6445f60ce

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8455dee207964e3c8ee735d254512766

SHA1
c5ec9c0b5604822f58df4589ce40746ae82b7868

SHA256
bf3a90d91647dabfdda98739ea6a38f8e68ec759a0714a40026733fbe8a2dee0

SHA512
831bb98f0a1e5feab7842c466737c620fc462a38a0a4640e076b4caa217dcfd5dc3ab3e3e9a7046c4cc5a9831688f57530ebeb3e0db5db7f7e8ffd8b6a352da2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0b5d11194c311da8cb06203b1f356afd

SHA1
32eaac01fcf0c085c3ac6113b6b1ceac7ad9c875

SHA256
ca2136eefa72e2041a960f2d788d76172264a327322819c7371fe5475eea2567

SHA512
b34d39c0939f6a93dcd4e9f66e5c5e2657daee2318718871d904dfab66dd819fda2ea4c1c263b1d1b29b453059395ae8d8bae60604a326b8e956a53328c07193

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
b3ea77564b30547ba85322b1c467badc

SHA1
faee97ac460d9fbdbae442d7c5d1b0a463da07b6

SHA256
f650ed6a776cf8296df30d1756d64e48c3317775da6310650836d5378a8f0184

SHA512
7a7b828ec5a07e9e52a2b3dcf38006386af5a01880b7000e8ea04412b749ac7d1601e28432786822e7379f48298194284d5637d7d4831fa270f2d3d9bf4e057b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1e347023fcd5dff3724518e6ebb8b0f7

SHA1
d1c5182dd2bf385ba120d4ab4a256220072d53a1

SHA256
7772f78836c183d0b8e65a572fe1b09eb804afcb481407d6725e8246a121a706

SHA512
0e6caa01a543319a2f89c0d8bb29994e8712565c29d55038c0276db14c6924a5ac2081fc4150e012243696809db7f86d9c4120ea4d83f1b4e8599b79b26aeaec

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
235b2f26328bbd16821f9b6ec56e5ff8

SHA1
8132255686a54c2ce5ef17bc6520c51d10449fa5

SHA256
1cdbdef3c7b708c10d53d100eda6bc647e4097d03971a369fc3b4bd63d9a4abd

SHA512
e9264299650d33c580fba1e658d151590ade168b87e39b17cce4c45284287b22a25a9aebd6105641860bae17678da2f791fac2d6bc98342e5254e46bf077dbe9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ce94c0d7c83b1928687b03e5b2c84dc7

SHA1
339148305f229b1d603ec8dace7417cd8d67501c

SHA256
d366da1681f0eac1ede41c601e5607b7a4fc6922e8db0923acfc9974f13f83c8

SHA512
2a898489e2b87264b67cf0b49c527fb76898f462bc38e3de1137f805153d91e09d9ed2511e6d48a738b7a0c93ed2844edce701fcdcad4fb6642bd7a345a586b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d6e1995db39790b3eec5477661fa0541

SHA1
d3c683a6e871a5c71cdc0564a2f70812f4d31225

SHA256
50bfc5ac22344d08f35c12254023612eb4e20e5d0d382b85587be06050a04460

SHA512
c14baf6f327b1aaded376d76ec65b8e3ea5ae592be08d0d9a23ec132bafd56fc8142914f1be99d1c6403b2d401bdd87186b868149564157b54b491865ed18a8a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
27204387ee9fee7d71f39d7fa174565d

SHA1
b801309d9ed2454b514a3b4b53b02a23d812b33a

SHA256
03363ce6120dc8194859aef2c615c8e969b8360ebcedf94adbe454c4622ea9cd

SHA512
1d1113fdfbcd40fa5ab3093a99d8a2057c54b3b5d9f42965ee4231225b0a7dcd9c1a154c86459dfb875c4d2bd3cabe43abcb37edeb8de2a82ceebf9b1251dbbd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
7b4853267efc7109a37330782bea983d

SHA1
b69d5d0b210cbe72bcb9cd9159a1ba118f853b14

SHA256
53d8cd42ec70ac729cf14f60a13ec9df85b811f7aec2fbfb127f7a441812ecd1

SHA512
5fac2cf5f6a90cd5845812605c3296a4eca859c6aa635fa96fa036f7dc53c3f5c69c74db946e4696782464921f07ece25c772d958d29cbe8679b71060101d62b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c49747178c51136bd7bdb6e7bdfd9ec5

SHA1
3d4d425937028f53026d0c5bb7af71133b57a945

SHA256
ddaf6ad2391e7f59987c38af8b9bf3d4480acec9010d57c4e8fe3d3d3b7c160d

SHA512
58f91c6e633309afa279c4862babd5b299ec03c6218f3e6e9c8b074099d6fa17f3c8f3996567fe04e2b8e04009ecbf00fd5cdba024bb62f924f647d75c004c43

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
00faa577a625f5043488bdc4491f965d

SHA1
cc68aa412f913a8fbb95dafd4caba65b89a9dc47

SHA256
da508de184212808420d443668c0347c39613550bc794c8989d97da66df18e60

SHA512
25e84504ea3c382fbdb89c8627779556d2f585ac8e7823b8eb497f4f63d2a7d7896cb48d120ab92e17dc2f9d25c87a800ef8bce5e33c136f7526705c891d4afd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
526b7176768d9aec9bf1c3f845e6177d

SHA1
63e0787d42201773dcd4c437404c5170da3bf138

SHA256
377b67030e3a3f3dae430a2d9188260ce0082c69e08e1603eb1c3f965e66c1f4

SHA512
83907b8082c61da17f1404a71f1da809c04be3441d1bfe0db4de82b9e1eab30f367b03308e9e629e468c967a702aa3434bf7719801478ee1850ddd20755e7c43

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
87394410148fde0e057394eea632337f

SHA1
482974909c96f6474d2caf444e2fac8125591a80

SHA256
cec92772ef91785e2199e104a906f160133f478426683bbc6be978b8094ab271

SHA512
2a548db10a45e3ec3069c5f3e231e428674568c7b86c5e655979f0954b6b5533356b4187711caaec3518a9c09680244329c94485c81a37ba08a5be2a83f38f69

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
67cc99ede99dc3d2402def5dc5b2982b

SHA1
78009f9c2a420a9e864535ff47d279f82a3c9960

SHA256
79306e12aae1c4b04f820fa6a357ac444f4cd5fbb41ca549e3014a880847ed2b

SHA512
835a3257f9713b634d6037e5fc4b3ce4fb36fd9d56214cc9baea9efca8aecfe0ee95b271765c1124eb8c96d9bd0e4d1b510e48167370899f088dd64127d7cee6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d3ed3f605761ab914b4c61121c950bd8

SHA1
d3bd6cad98c4f668288d0c132fff217f46b967b8

SHA256
edfb99f3fc52bb351d6ec9b8ad7563251a5d988c2cfd39a223c9d2a9f4912b6c

SHA512
4b67ef49428f1609b9eb5124819254b1ac05b49051b95a4af64151ad26eac240bd80005e47f919fe7d94a53318c03252af34a7bc872d3858d7061d1a39e86c00

Download Submit