Resubmissions

27-01-2024 09:27

240127-lezxaahdd2 7

27-01-2024 09:23

240127-lcrswshch8 10

27-01-2024 07:59

240127-jvdymshgcp 7

Analysis

  • max time kernel
    190s
  • max time network
    192s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-01-2024 09:23

General

  • Target

    64201921222189.js

  • Size

    6.4MB

  • MD5

    9ad0dc56c7f7492b4555812c774fe3d6

  • SHA1

    4b18214b4b08864f0073f56d098e2b4f0f1997ec

  • SHA256

    dbd9dcd47010476f23da069f9d2c41c9f20b08bf3eb506c5c8bdb6dfa6811c4d

  • SHA512

    01195cd51e6e47026d12b1c07c235704abe3e953e518ae14d0bcde6ee724667d318420d5e1b4e0784fcd52a388fd44046a44eacca017cd7e2da7e15d561707d2

  • SSDEEP

    49152:pDH/1og88w/d8Q3YOkgPJs8vU/knfBLi7kj6dXjocM:M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\64201921222189.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\64201921222189.js" "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat" && "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Windows\hh.exe
        Hh /////0SLhCTAFwEAQYHw/////0UhxkQJ8YPx/0GD9f9Ei4QkwBcBAEGB8CYC/rVECelBgcgmAv61g/H/RCHBQYnoQYPw/0GB4P////+LnCTAFwEAgfP/////Id1BCehEifuD8/+B4/////+LrCTAFwEAgfX/////QSHvRAn7i6wkwBcBAIH1sgLiR4Hl4gDPg0SLtCTAFwEAQYH24gDPg0WJ90GB57IC4kdEi6QkwBcBAEGB9P////9BgeTiAM+DQYHm/////0QJ/UUJ9EQx5UWJxkEh3kEx2EUJxkSLhCTAFwEAQYHwsgLiR4nrg/P/RIu8JMAXAQBBgffyzmauRYnEQYHk8s5mrkWJ/UGB5bIC4keJ34Hn8s5mrkQh/UUJ7AnvQTH8QQnYQYPw/0GBz/LOZq5FIfhFCcRFifBBg/D/QYHg/////4u8JMAXAQCB9/////9BIf5FCfBBg/T/RInHRDHnRCHHRIuEJPwWAQBBg/D/QYHgKdR/k4ucJMAXAQCB8yn
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\geeserecord.bat

    Filesize

    764KB

    MD5

    34a22ea77357fa86dd4fece5ce6080d0

    SHA1

    e463ce098d16c5849e5f369bb1cf1e8e68ca79e5

    SHA256

    ee067c8a1b433cf171074a594bd53bcbb23b06ab72b140b0c1d7052f1d6f48c1

    SHA512

    266d2d153908abdf07b484c3fad9237dd7b6851501c31e59bd6b0c2e3249d2091dd506588456797dbfe1676197479cca0498ae8cbba4944f44767494da38a751