873bd289f8f446b716b39c7d229cd3a065547b68f54f771682156300c4247150

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b365cde2eb2200cf974830e8e89ff74.js
Size

1.8MB
MD5

6b365cde2eb2200cf974830e8e89ff74
SHA1

c7b2dd8fe2e63a784f3c304e8c8e6e4fb414c770
SHA256

873bd289f8f446b716b39c7d229cd3a065547b68f54f771682156300c4247150
SHA512

5aaceb9826db8a966cff9e43042a34baa27847512adb700844c63afe972db36e39eb8e522f592f184efbf5adc224f84f358cb9397b87b1fc437cdf6d9cc52609
SSDEEP

24576:TaSZBTwNKxGer6fLIQkn08cP2snpaSZBTwNKxGer6fLIQkn08cP2sn6:jVEZf1jPVEZf1j4

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4220	icacls.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\6b365cde2eb2200cf974830e8e89ff74.js
1⤵
PID:2988
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\pptjlxvyu.txt"
  2⤵
  PID:4716
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.80925521916829635098430644303342459.class
    3⤵
    PID:4484
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:4220
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\eVvEfMYHrV.js"
  2⤵
  PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9a5d8e7dfff3f4395b26f2efeb1b5970

SHA1
9a0f7bc4f932532e8e9991bc8532ac9fc441941e

SHA256
1ffeba8b48fa8b44f2188cdbd50daf72d6055834bd368882f2818f066af8ded5

SHA512
4b6a856a6e4b35db1c39d8cb1a6dffa5d1da8e8d02b3fd77031946ccdfe2842656e5ddbda469bfaa54f2a609ca1f107721fa912e3ea6916618d83b6a0b9ed972

Download Submit
C:\Users\Admin\AppData\Local\Temp\_0.80925521916829635098430644303342459.class

Filesize
35KB

MD5
b34b949d144d36def64b840d5849f37a

SHA1
76ec238721018b8d6a23566b9d701b674f8c63aa

SHA256
405cd3aa916adfcb30b61f82045d2790a0534165c75a731efac7f198a8407b35

SHA512
2f11c69b69c3637c427c2311ca49bd3863411f4889e844030298cf3cf7126f10bd03268cddf71e75b3aa766e65c8c5be0ee830c16a3ad25484a9ef7e0381282b

Download Submit
C:\Users\Admin\AppData\Roaming\eVvEfMYHrV.js

Filesize
14KB

MD5
7da63b5e09aca81ff9226cb98eb7c07f

SHA1
95b8e956af1684adfa7eeb44fbb8703e314ed714

SHA256
9591223d96a8fbdef996a889892846b7162aee19904f030080dbf3ca2d966c20

SHA512
608af6335c141e95cb8b1f95dae2d47c5cc7c0ba18fbcfca851681ddabfa17be920d5d5b2986b0da69fbaec6e4cd9d3bcadc70b6c63e2f9e31957eff6d347e70

Download Submit
C:\Users\Admin\AppData\Roaming\pptjlxvyu.txt

Filesize
28KB

MD5
bbe2bb8ca9e110d655ccd5a4c732804a

SHA1
1b3e5d26be76cb9729c037670a5df0e230167822

SHA256
2ad9e1d550052957befce897f9d6a49ce0a5ec7d27aefa5da830ef2cd9d120ca

SHA512
b314326ba3441293b9e1a6914cac332ce00f93956c843609f24e8572b56039d66d3b2bb3175d17549d80fc93c41817fd17300a989b755d977372785a86dc597d

Download Submit
memory/4484-30-0x000002BC1CCD0000-0x000002BC1DCD0000-memory.dmp

Filesize
16.0MB

Download
memory/4484-39-0x000002BC1B440000-0x000002BC1B441000-memory.dmp

Filesize
4KB

Download
memory/4484-42-0x000002BC1CCD0000-0x000002BC1DCD0000-memory.dmp

Filesize
16.0MB

Download
memory/4484-43-0x000002BC1CCD0000-0x000002BC1DCD0000-memory.dmp

Filesize
16.0MB

Download
memory/4716-11-0x000001FD9CF40000-0x000001FD9DF40000-memory.dmp

Filesize
16.0MB

Download
memory/4716-27-0x000001FD9B900000-0x000001FD9B901000-memory.dmp

Filesize
4KB

Download