Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-10-2023 07:26

General

  • Target

    b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a.js

  • Size

    1.3MB

  • MD5

    f932b7a291840c0258415c4ec624b5b8

  • SHA1

    e5b47c5f358af996531e9cf94e4578f5ed916e76

  • SHA256

    b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a

  • SHA512

    fe369c4f285ff7dd2f57ba1705b14a10a6daee41d7d0093f1f3f232f0336c4e341c9c6f1e3b7851fd1fea0a90b6e93e1b536c895704e13f604772eb18fbb51f3

  • SSDEEP

    6144:MQqiiTWY4S2ptEeyYRTX4Vo+AGKtQxHJKq8uPIZxdG+it7aUiN0l/NqM138zMZn5:Xs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a.js
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\rmknliuhi.txt"
      PID:2140

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\rmknliuhi.txt

    Filesize

    164KB

    MD5

    c7fff6f9adc6a624b2dcb9651c3b3567

    SHA1

    6912bf0f6924e47e88eb976214b4c4cd22f8e863

    SHA256

    0b7805864d52d9023f35762740194c4bcb7a01c38e9db071cc7526dca68253fd

    SHA512

    979ff8489c59c4e076113daa51a545cc4ab2b969e5d9b4ad2982eebc6cf2199852b70aa2d721277211ca0eb5664ba364b6bd5a4092f62dea98a1afc8d04c3c61

  • memory/2140-4-0x0000000002290000-0x0000000005290000-memory.dmp

    Filesize

    48.0MB

  • memory/2140-7-0x0000000002290000-0x0000000005290000-memory.dmp

    Filesize

    48.0MB

  • memory/2140-13-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB