fb4461e50b60ff0f65b04690674f3f1c9e99b90d13559d89996e9ceded960d3f

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26/08/2023, 11:35

Target

main_JC.js
Size

67B
MD5

25436f5317068d7650add7fa9a19f0a5
SHA1

695ffd0e014e2331f6b3075c526b3679a20325bc
SHA256

fb4461e50b60ff0f65b04690674f3f1c9e99b90d13559d89996e9ceded960d3f
SHA512

fb0d5595a57f6960e486bb757a008d45e48d1f0091663e125f010e2759589d395766c9deaaa66a4c4e66545b5f1830c9780f05ee38c792e5ccdceab676d46a34

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2208	1964	wscript.exe	28
PID 1964 wrote to memory of 2208	1964	wscript.exe	28
PID 1964 wrote to memory of 2208	1964	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\main_JC.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\System32\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  PID:2208

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact