421c6e4dc68b3eb178243788435e0346b78fae06ffa5126c7b95bd222da0f9d9

Analysis

max time kernel
8s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

526e79a834bb7c263ee552706e8ca417.js
Size

462KB
MD5

526e79a834bb7c263ee552706e8ca417
SHA1

088706831253c13f4d77a76c3e9c4e85ac15e104
SHA256

421c6e4dc68b3eb178243788435e0346b78fae06ffa5126c7b95bd222da0f9d9
SHA512

8bb57999c72b37b2572c166c46026f53c5746992c0a7019f5aa74651e87bef9042254d031412c458a9542e38f61304756787822ffc4ef2ffcf3bd1ae07ccb59f
SSDEEP

6144:b2MG+uzi8Smdo2S/2/7Xu3b318f2MG+uzi8Smdo2S/2/7Xu3b318g:oK8Smdoh/awbKEK8Smdoh/awbKg

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
460	icacls.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\526e79a834bb7c263ee552706e8ca417.js
1⤵
PID:3556
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\RypRJcyXfu.js"
  2⤵
  PID:560
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\farswlsp.txt"
  2⤵
  PID:2356
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f2d1339bf06fbe484153622db41a797b

SHA1
9e2c0e9225bce8966867b1c3dfc169e202e89b05

SHA256
ae8ea00efd36e47d89c6ae35708e49de860327a73fafd97b6259d555cd5fb0ce

SHA512
afea8936a2521eb58139ded496c897da293180f43f0063a3a9fedf394e9873369917c9ff3882669abaf92135f9ac71a02209b2b52459f60974b0a392a54a8eaf

Download Submit
C:\Users\Admin\AppData\Roaming\RypRJcyXfu.js

Filesize
14KB

MD5
1ba12eceb96fcc3f701b57a122d2d619

SHA1
e6760348cbee519d5f6d99f38cce7c4ead6fc9fa

SHA256
f5582ff25d56281b7a5158ff4105d71f6a1453f1f75e4f26a0d82efd2f61160d

SHA512
08a22d4a5642a828ebfdb18c99d20cbaa49ee966cd166f4338a8ddfc17875da3f5bb1feb7ab8a7aab3e2b98adca9d9464b786d7dc8329cad1e52082669b81ed7

Download Submit
C:\Users\Admin\AppData\Roaming\farswlsp.txt

Filesize
64KB

MD5
529845b08de5e5993c445d5d1e011046

SHA1
fc8693ed3902ca232c74162cc36c7e55cbed704c

SHA256
26151310470cc8dcd3b9735c81dedb4efa4b0b041115b787700a78ed39f87304

SHA512
0993a2934114a10a5fa1f9477d713cf8a7ce49a880550086adea65d508332d93ad140c8a4e70025d11a7d210f9dc337c92322c36983eee2fd5e45ffa1f55a503

Download Submit
memory/2356-52-0x000001ED15FD0000-0x000001ED15FE0000-memory.dmp

Filesize
64KB

Download
memory/2356-57-0x000001ED16020000-0x000001ED16030000-memory.dmp

Filesize
64KB

Download
memory/2356-27-0x000001ED15D30000-0x000001ED16D30000-memory.dmp

Filesize
16.0MB

Download
memory/2356-29-0x000001ED15D10000-0x000001ED15D11000-memory.dmp

Filesize
4KB

Download
memory/2356-37-0x000001ED15D10000-0x000001ED15D11000-memory.dmp

Filesize
4KB

Download
memory/2356-42-0x000001ED15D30000-0x000001ED16D30000-memory.dmp

Filesize
16.0MB

Download
memory/2356-50-0x000001ED15FB0000-0x000001ED15FC0000-memory.dmp

Filesize
64KB

Download
memory/2356-51-0x000001ED16030000-0x000001ED16040000-memory.dmp

Filesize
64KB

Download
memory/2356-53-0x000001ED15FF0000-0x000001ED16000000-memory.dmp

Filesize
64KB

Download
memory/2356-12-0x000001ED15D30000-0x000001ED16D30000-memory.dmp

Filesize
16.0MB

Download
memory/2356-56-0x000001ED15D30000-0x000001ED16D30000-memory.dmp

Filesize
16.0MB

Download
memory/2356-19-0x000001ED15D10000-0x000001ED15D11000-memory.dmp

Filesize
4KB

Download
memory/2356-55-0x000001ED16010000-0x000001ED16020000-memory.dmp

Filesize
64KB

Download
memory/2356-58-0x000001ED16040000-0x000001ED16050000-memory.dmp

Filesize
64KB

Download
memory/2356-54-0x000001ED16000000-0x000001ED16010000-memory.dmp

Filesize
64KB

Download
memory/2356-60-0x000001ED16070000-0x000001ED16080000-memory.dmp

Filesize
64KB

Download
memory/2356-62-0x000001ED16090000-0x000001ED160A0000-memory.dmp

Filesize
64KB

Download
memory/2356-64-0x000001ED160A0000-0x000001ED160B0000-memory.dmp

Filesize
64KB

Download
memory/2356-65-0x000001ED160B0000-0x000001ED160C0000-memory.dmp

Filesize
64KB

Download
memory/2356-63-0x000001ED15D30000-0x000001ED16D30000-memory.dmp

Filesize
16.0MB

Download
memory/2356-61-0x000001ED16080000-0x000001ED16090000-memory.dmp

Filesize
64KB

Download
memory/2356-59-0x000001ED16060000-0x000001ED16070000-memory.dmp

Filesize
64KB

Download
memory/2356-66-0x000001ED15D30000-0x000001ED16D30000-memory.dmp

Filesize
16.0MB

Download