Overview

overview

7

Static

static

1

d25ad4df12..._JC.js

windows7-x64

3

d25ad4df12..._JC.js

windows10-2004-x64

7

Analysis

  • max time kernel
    182s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d25ad4df124b1f69972d1e09520ffecf979f89957ca296d11aaa4454d2922a97_JC.js

  • Size

    1.3MB

  • MD5

    3105a413a55501f7a7a878643cd37b33

  • SHA1

    ab276a88e6a6be38aa3ff28aa97a8b1f8a55ff92

  • SHA256

    d25ad4df124b1f69972d1e09520ffecf979f89957ca296d11aaa4454d2922a97

  • SHA512

    6d59ae07512ef52c3a99bc0165eb7ca1c14cbd6bd43b09fe87d972c475221bd6cd027795075a5b3ce31fef66fe2df39b7de1194bdd1fe92a1ecbbd546d4b70a1

  • SSDEEP

    6144:MQJdZ/vlGYLDTYNpHI4DCQwZEauZnDjhLkoNety1CHrD2dDcuNoKlk7JYlD8AbdG:X/3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\d25ad4df124b1f69972d1e09520ffecf979f89957ca296d11aaa4454d2922a97_JC.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\gvswaoiam.txt"
      2⤵
        PID:2784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\gvswaoiam.txt
      Filesize

      164KB

      MD5

      82c0f8b2ef6a780e0ab1259492a9a192

      SHA1

      823e401b4948853cada0c01be21e65aaf4164499

      SHA256

      6ce3a434a861bd56cb32b6102760a5d35fc3e94ee196e15d860ccde41058761d

      SHA512

      60b86bf4fa78d643fade29de67bc6f356158facf0376240b1a70b044c25f343e7c0c2d1935543ba3ee435fa6bf109f2aaf6fd8d476e1012d76d55cd31ea262a5

      Download Submit

    • memory/2784-8-0x0000000002250000-0x0000000005250000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2784-12-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-13-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-14-0x0000000002250000-0x0000000005250000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2784-15-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download