Analysis

max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 12-10-2023 07:26
Static task: static1

Behavioral task: behavioral1
  Sample: b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a.js
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a.js
  Resource: win10v2004-20230915-en
General

Target: b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a.js
Size: 1.3MB
MD5: f932b7a291840c0258415c4ec624b5b8
SHA1: e5b47c5f358af996531e9cf94e4578f5ed916e76
SHA256: b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a
SHA512: fe369c4f285ff7dd2f57ba1705b14a10a6daee41d7d0093f1f3f232f0336c4e341c9c6f1e3b7851fd1fea0a90b6e93e1b536c895704e13f604772eb18fbb51f3
SSDEEP: 6144:MQqiiTWY4S2ptEeyYRTX4Vo+AGKtQxHJKq8uPIZxdG+it7aUiN0l/NqM138zMZn5:Xs
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process      target process
    PID 2944 wrote to memory of 2140  2944  wscript.exe  javaw.exe
    PID 2944 wrote to memory of 2140  2944  wscript.exe  javaw.exe
    PID 2944 wrote to memory of 2140  2944  wscript.exe  javaw.exe
Processes

1. C:\Windows\system32\wscript.exe
   Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\b8416d71e5a4bd1cc48552152bbbce450009ca04a6891823de3067af57c1559a.js
   PID: 2944
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Program Files\Java\jre7\bin\javaw.exe
      Command line: "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\rmknliuhi.txt"
      PID: 2140
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 164KB
MD5: c7fff6f9adc6a624b2dcb9651c3b3567
SHA1: 6912bf0f6924e47e88eb976214b4c4cd22f8e863
SHA256: 0b7805864d52d9023f35762740194c4bcb7a01c38e9db071cc7526dca68253fd
SHA512: 979ff8489c59c4e076113daa51a545cc4ab2b969e5d9b4ad2982eebc6cf2199852b70aa2d721277211ca0eb5664ba364b6bd5a4092f62dea98a1afc8d04c3c61