Analysis
- max time kernel: 8s
- max time network: 199s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-01-2024 18:02
Static task: static1

Behavioral task: behavioral1
- Sample: update.js
- Resource: win7-20231215-en
- windows7-x64
- 2 signatures
- 300 seconds

Behavioral task: behavioral2
- Sample: update.js
- Resource: win10v2004-20231215-en
- windows10-2004-x64
- 2 signatures
- 300 seconds
General
- Target: update.js
- Size: 8.4MB
- MD5: 02e0d62d9ec94b322ea3358b8d8844c2
- SHA1: 3f3d4a982d01e9d152434187fb88144f0a5f6408
- SHA256: 7b0cdf4f0ef5b014c27e97325f31af8875384fff555129a95a12c9ebea66de0a
- SHA512: 9f03bf3dd662a5d2f3de5c062ac5b881bd3c420c00ee440a6082b2e45116739a3738d5fc0cbfe634c17ef2ba80e2e5a290c9e8ee1c9cc5098bec4c856a5e0e52
- SSDEEP: 6144:4QUfqr/bg4Ozb/h4OlbfC4ObbO04O8e5LBfl0Kldq8D6WUZT+1R4PoXW0b4/3mlS:o

Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1344  AddInProcess.exe
  1344  AddInProcess.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  1344  AddInProcess.exe
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\update.js
  PID: 1908
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe" /guid:842fcdd2-f172-4647-a444-05a0bdc8965b /pid:3304
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 1344