Overview

overview

7

Static

static

1

64201921222189.js

windows7-x64

3

64201921222189.js

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64201921222189.js

  • Size

    6.4MB

  • MD5

    9ad0dc56c7f7492b4555812c774fe3d6

  • SHA1

    4b18214b4b08864f0073f56d098e2b4f0f1997ec

  • SHA256

    dbd9dcd47010476f23da069f9d2c41c9f20b08bf3eb506c5c8bdb6dfa6811c4d

  • SHA512

    01195cd51e6e47026d12b1c07c235704abe3e953e518ae14d0bcde6ee724667d318420d5e1b4e0784fcd52a388fd44046a44eacca017cd7e2da7e15d561707d2

  • SSDEEP

    49152:pDH/1og88w/d8Q3YOkgPJs8vU/knfBLi7kj6dXjocM:M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\64201921222189.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\64201921222189.js" "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat" && "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Windows\hh.exe
        Hh /////0SLhCTAFwEAQYHw/////0UhxkQJ8YPx/0GD9f9Ei4QkwBcBAEGB8CYC/rVECelBgcgmAv61g/H/RCHBQYnoQYPw/0GB4P////+LnCTAFwEAgfP/////Id1BCehEifuD8/+B4/////+LrCTAFwEAgfX/////QSHvRAn7i6wkwBcBAIH1sgLiR4Hl4gDPg0SLtCTAFwEAQYH24gDPg0WJ90GB57IC4kdEi6QkwBcBAEGB9P////9BgeTiAM+DQYHm/////0QJ/UUJ9EQx5UWJxkEh3kEx2EUJxkSLhCTAFwEAQYHwsgLiR4nrg/P/RIu8JMAXAQBBgffyzmauRYnEQYHk8s5mrkWJ/UGB5bIC4keJ34Hn8s5mrkQh/UUJ7AnvQTH8QQnYQYPw/0GBz/LOZq5FIfhFCcRFifBBg/D/QYHg/////4u8JMAXAQCB9/////9BIf5FCfBBg/T/RInHRDHnRCHHRIuEJPwWAQBBg/D/QYHgKdR/k4ucJMAXAQCB8yn
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\geeserecord.bat
    Filesize

    6.4MB

    MD5

    9ad0dc56c7f7492b4555812c774fe3d6

    SHA1

    4b18214b4b08864f0073f56d098e2b4f0f1997ec

    SHA256

    dbd9dcd47010476f23da069f9d2c41c9f20b08bf3eb506c5c8bdb6dfa6811c4d

    SHA512

    01195cd51e6e47026d12b1c07c235704abe3e953e518ae14d0bcde6ee724667d318420d5e1b4e0784fcd52a388fd44046a44eacca017cd7e2da7e15d561707d2

    Download Submit

  • memory/2028-186-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp

    Filesize

    64KB

    Download