43042751e19dca0c882b05dd29e02a1b4ed2453f8c482f016054256690788df8

Analysis

max time kernel
140s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

File.js
Size

354KB
MD5

56cdaacd1ad2f15d39329d2228faf410
SHA1

a458ff2092cb22bff8841d099993a693481f893a
SHA256

43042751e19dca0c882b05dd29e02a1b4ed2453f8c482f016054256690788df8
SHA512

fcbf868dfe1cbc8ee09a9af4ccdac6490fad14c9ee149f8efa0076ae088cf4dd18ffe41c2fd998b071734c512b79e480a33de38bbd192dad09a56d2c8cb7e547
SSDEEP

6144:qzIw9dIB6UmEBa7ydz8fy3h51wVhlC1ZuSSQxIEcoYVidGQKL9PEAJ:8laN8q151wVhwLSKqs1YPEg

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 1304	1020	wscript.exe	82
PID 1020 wrote to memory of 1304	1020	wscript.exe	82

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\File.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\dgwaoy.txt"
  2⤵
  - Drops file in Program Files directory
  PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\dgwaoy.txt

Filesize
164KB

MD5
e8639424cdaefdbc6cadba38b5c3b711

SHA1
37f1e654f64726e94de6539b20c6382c71aac93f

SHA256
ab6f8c51d1f15a18cd23e1ad5a34c82c83746befb7d11cce2860c971be35adaa

SHA512
b520f723016f8ceb0713afe3a8ead594dfd0c8617fe3d535c9e68dd16a7914d146a51213a9caaa3dce5b3ca4fd4247a6a3f03b2c4f82ccf10886bef1257a9fdc

Download Submit
memory/1304-139-0x0000000002EC0000-0x0000000003EC0000-memory.dmp

Filesize
16.0MB

Download
memory/1304-146-0x0000000000F90000-0x0000000000F91000-memory.dmp

Filesize
4KB

Download
memory/1304-155-0x0000000002EC0000-0x0000000003EC0000-memory.dmp

Filesize
16.0MB

Download
memory/1304-156-0x0000000000F90000-0x0000000000F91000-memory.dmp

Filesize
4KB

Download
memory/1304-157-0x0000000000F90000-0x0000000000F91000-memory.dmp

Filesize
4KB

Download
memory/1304-164-0x0000000002EC0000-0x0000000003EC0000-memory.dmp

Filesize
16.0MB

Download
memory/1304-173-0x0000000003140000-0x0000000003150000-memory.dmp

Filesize
64KB

Download
memory/1304-174-0x00000000031C0000-0x00000000031D0000-memory.dmp

Filesize
64KB

Download
memory/1304-175-0x0000000003170000-0x0000000003180000-memory.dmp

Filesize
64KB

Download
memory/1304-176-0x0000000003180000-0x0000000003190000-memory.dmp

Filesize
64KB

Download
memory/1304-177-0x0000000003190000-0x00000000031A0000-memory.dmp

Filesize
64KB

Download
memory/1304-178-0x00000000031A0000-0x00000000031B0000-memory.dmp

Filesize
64KB

Download
memory/1304-179-0x0000000002EC0000-0x0000000003EC0000-memory.dmp

Filesize
16.0MB

Download
memory/1304-180-0x00000000031B0000-0x00000000031C0000-memory.dmp

Filesize
64KB

Download
memory/1304-181-0x0000000002EC0000-0x0000000003EC0000-memory.dmp

Filesize
16.0MB

Download