Overview

overview

10

Static

static

7

43f7de64b8...48.apk

android-9-x86

10

43f7de64b8...48.apk

android-10-x64

10

alert.js

windows7-x64

1

alert.js

windows10-2004-x64

1

app.js

windows7-x64

1

app.js

windows10-2004-x64

1

banner.js

windows7-x64

1

banner.js

windows10-2004-x64

1

build-plugins.js

windows7-x64

1

build-plugins.js

windows10-2004-x64

1

button.js

windows7-x64

1

button.js

windows10-2004-x64

1

change-version.js

ubuntu-18.04-amd64

change-version.js

debian-9-armhf

change-version.js

debian-9-mips

change-version.js

debian-9-mipsel

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

cue.ps1

windows7-x64

1

cue.ps1

windows10-2004-x64

1

exec.js

windows7-x64

1

exec.js

windows10-2004-x64

1

flaticon.html

windows7-x64

1

flaticon.html

windows10-2004-x64

1

generate-sri.js

ubuntu-18.04-amd64

generate-sri.js

debian-9-armhf

generate-sri.js

debian-9-mips

generate-sri.js

debian-9-mipsel

howtouse.html

windows7-x64

1

howtouse.html

windows10-2004-x64

1

index.html

windows7-x64

1

index.html

windows10-2004-x64

1

Resubmissions

09-10-2023 22:34

231009-2hkvjaah72 10

09-10-2023 22:08

231009-12p3xsag76 10

Analysis

  • max time kernel
    105s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2023 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build-plugins.js

  • Size

    2KB

  • MD5

    4d95e21ba11b3da66135970ab765935b

  • SHA1

    ec7dffe91fb0a3c77be69bb92c5170b98cc52983

  • SHA256

    007416087b91ce181a81cc12edb63e096158f5763eddfabb05395397e1133689

  • SHA512

    fa95d06d72f1a9d88f64c15a6297debad5d376c41671cc67fe5132ec37d87e7f96e959a3a4e0f78aaa3ae928e45a28a2d097ada4ef53f5c8fcc356704d7e826c

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\build-plugins.js
    1⤵
      PID:4552
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:3456
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:828

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/828-0-0x0000015AB7170000-0x0000015AB7180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/828-16-0x0000015AB7270000-0x0000015AB7280000-memory.dmp

        Filesize

        64KB

        Download

      • memory/828-32-0x0000015ABF5E0000-0x0000015ABF5E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/828-34-0x0000015ABF610000-0x0000015ABF611000-memory.dmp

        Filesize

        4KB

        Download

      • memory/828-35-0x0000015ABF610000-0x0000015ABF611000-memory.dmp

        Filesize

        4KB

        Download

      • memory/828-36-0x0000015ABF720000-0x0000015ABF721000-memory.dmp

        Filesize

        4KB

        Download