e89a757d80258f9109a0f6c8749f9b7d8ced2e59ab5e8d41eb99e83e945c6292

Analysis

max time kernel
603s
max time network
614s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2023, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

js-beautified-1.js
Size

7.6MB
MD5

a6900ddbf7aac81a43e6b677703ecc6e
SHA1

9a56333dddaee6c9ed2323b3510e96125022ef8d
SHA256

e89a757d80258f9109a0f6c8749f9b7d8ced2e59ab5e8d41eb99e83e945c6292
SHA512

1ffd42c6a88cf6dab8723db2089c04a6c52fce996380531c7c5e11a446ad5dc50f49ec45cbd7607015c51919136976a3f97e24193959cfc2a64be55463c9e5d4
SSDEEP

24576:5BxPjlbZLx/JXk36WP8HqFIxOWb/WUiKQmd9uyhN4XaneLH0mRSkwAPAyY:TbZ9J6bPTsNm8ctC

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 51 IoCs

flow	pid	Process
45	3132	wscript.exe
46	3132	wscript.exe
47	3132	wscript.exe
48	3132	wscript.exe
49	3132	wscript.exe
50	3132	wscript.exe
53	3132	wscript.exe
54	3132	wscript.exe
56	3132	wscript.exe
57	3132	wscript.exe
58	3132	wscript.exe
59	3132	wscript.exe
60	3132	wscript.exe
61	3132	wscript.exe
62	3132	wscript.exe
63	3132	wscript.exe
65	3132	wscript.exe
66	3132	wscript.exe
67	3132	wscript.exe
68	3132	wscript.exe
69	3132	wscript.exe
70	3132	wscript.exe
71	3132	wscript.exe
73	3132	wscript.exe
74	3132	wscript.exe
75	3132	wscript.exe
76	3132	wscript.exe
77	3132	wscript.exe
78	3132	wscript.exe
79	3132	wscript.exe
81	3132	wscript.exe
83	3132	wscript.exe
84	3132	wscript.exe
85	3132	wscript.exe
86	3132	wscript.exe
88	3132	wscript.exe
89	3132	wscript.exe
90	3132	wscript.exe
91	3132	wscript.exe
92	3132	wscript.exe
93	3132	wscript.exe
94	3132	wscript.exe
95	3132	wscript.exe
97	3132	wscript.exe
98	3132	wscript.exe
99	3132	wscript.exe
100	3132	wscript.exe
101	3132	wscript.exe
102	3132	wscript.exe
103	3132	wscript.exe
104	3132	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\js-beautified-1.js
1⤵
- Blocklisted process makes network request
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3132-133-0x00007FFA360C0000-0x00007FFA36B81000-memory.dmp

Filesize
10.8MB

Download
memory/3132-134-0x00007FFA360C0000-0x00007FFA36B81000-memory.dmp

Filesize
10.8MB

Download