Resubmissions
- 27-01-2024 09:27  240127-lezxaahdd2  score 7
- 27-01-2024 09:23  240127-lcrswshch8  score 10
- 27-01-2024 07:59  240127-jvdymshgcp  score 7
Analysis
- max time kernel: 190s
- max time network: 192s
- platform: windows10-1703_x64
- resource: win10-20231215-en
- resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 27-01-2024 09:23
Static task: static1
Behavioral task behavioral1: sample 64201921222189.js, resource win7-20231215-en
Behavioral task behavioral2: sample 64201921222189.js, resource win10-20231215-en
Behavioral task behavioral3: sample 64201921222189.js, resource win10v2004-20231215-en
Behavioral task behavioral4: sample 64201921222189.js, resource win11-20231222-en
General
- Target: 64201921222189.js
- Size: 6.4MB
- MD5: 9ad0dc56c7f7492b4555812c774fe3d6
- SHA1: 4b18214b4b08864f0073f56d098e2b4f0f1997ec
- SHA256: dbd9dcd47010476f23da069f9d2c41c9f20b08bf3eb506c5c8bdb6dfa6811c4d
- SHA512: 01195cd51e6e47026d12b1c07c235704abe3e953e518ae14d0bcde6ee724667d318420d5e1b4e0784fcd52a388fd44046a44eacca017cd7e2da7e15d561707d2
- SSDEEP: 49152:pDH/1og88w/d8Q3YOkgPJs8vU/knfBLi7kj6dXjocM:M
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2416 hh.exe
  pid 2416 hh.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 4292 wrote to memory of 1420 (4292 wscript.exe, procid_target 74)
  PID 4292 wrote to memory of 1420 (4292 wscript.exe, procid_target 74)
  PID 1420 wrote to memory of 2416 (1420 cmd.exe, procid_target 76)
  PID 1420 wrote to memory of 2416 (1420 cmd.exe, procid_target 76)
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\64201921222189.js
  Suspicious use of WriteProcessMemory
  PID:4292
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\64201921222189.js" "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat" && "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat"
    Suspicious use of WriteProcessMemory
    PID:1420
    - C:\Windows\hh.exe
      Hh 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
      Suspicious use of SetWindowsHookEx
      PID:2416
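The process chain above is the behaviour a detection should key on: wscript.exe runs the .js, the script spawns cmd.exe to copy the very same file to a .bat and execute it (the sample is written to be valid both as JScript and as a batch file), and the batch stage launches hh.exe. The following Python is an added example, not part of the sandbox report or its tooling. It deduplicates the report's WriteProcessMemory entries into writer/target pairs, rebuilds a process tree from constructed process-creation events that mirror the tree shown here, and flags a script host spawning cmd.exe that copies a .js file to a .bat/.cmd and then runs the copy. The parent PID of wscript.exe and the bare "Hh" argument are assumptions, since the report does not show them.

```python
import re
from collections import defaultdict

# Constructed process-creation events mirroring the report's process tree.
# PIDs, images and command lines are taken from the report; the parent of
# wscript.exe (1000) and the bare "Hh" argument are assumptions.
EVENTS = [
    {"pid": 4292, "ppid": 1000, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\Admin\AppData\Local\Temp\64201921222189.js"},
    {"pid": 1420, "ppid": 4292, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /k copy '
                r'"C:\Users\Admin\AppData\Local\Temp\64201921222189.js" '
                r'"C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat" && '
                r'"C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat"'},
    {"pid": 2416, "ppid": 1420, "image": r"C:\Windows\hh.exe", "cmdline": "Hh"},
]

# Constructed benign control: a copy command launched from explorer.exe,
# which must not trigger the detection.
BENIGN_EVENTS = [
    {"pid": 500, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 501, "ppid": 500, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c copy "C:\Users\Admin\notes.txt" "C:\Users\Admin\notes.bak"'},
]

# The report's flattened WriteProcessMemory signature text, verbatim.
WPM_TEXT = ("PID 4292 wrote to memory of 1420 4292 wscript.exe 74 "
            "PID 4292 wrote to memory of 1420 4292 wscript.exe 74 "
            "PID 1420 wrote to memory of 2416 1420 cmd.exe 76 "
            "PID 1420 wrote to memory of 2416 1420 cmd.exe 76")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# "copy <x>.js <y>.bat|.cmd", with or without surrounding quotes
COPY_TO_BATCH = re.compile(
    r'copy\s+"?(?P<src>[^"\s]+\.js)"?\s+"?(?P<dst>[^"\s]+\.(?:bat|cmd))"?',
    re.IGNORECASE,
)
# "PID <w> wrote to memory of <t> <w> <image> <procid_target>"
WPM_ENTRY = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) \d+")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_write_process_memory(text):
    """Deduplicate the report's WriteProcessMemory entries into
    (writer_pid, target_pid, writer_image) triples."""
    return {(int(w), int(t), img.lower()) for w, t, img in WPM_ENTRY.findall(text)}


def build_tree(events):
    """Return (pid -> event, ppid -> [child pids]) for the event list."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def detect_script_to_batch_chain(events):
    """Flag cmd.exe spawned by a script host whose command line copies a .js
    file to a batch file and then runs the copy (a JScript/batch polyglot)."""
    by_pid, children = build_tree(events)
    findings = []
    for e in events:
        if basename(e["image"]) != "cmd.exe":
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in SCRIPT_HOSTS:
            continue
        m = COPY_TO_BATCH.search(e["cmdline"])
        if not m:
            continue
        dst = m.group("dst")
        findings.append({
            "pid": e["pid"],
            "parent": basename(parent["image"]),
            "src": m.group("src"),
            "dst": dst,
            # the copied batch file is invoked later on the same command line
            "executes_copy": dst.lower() in e["cmdline"][m.end():].lower(),
            "children": [basename(by_pid[c]["image"]) for c in children[e["pid"]]],
        })
    return findings


if __name__ == "__main__":
    for finding in detect_script_to_batch_chain(EVENTS):
        print(finding)
    print(parse_write_process_memory(WPM_TEXT))
```

The check deliberately requires the script-host parent, the .js-to-batch copy and the execution of the copy together; a plain `copy` under cmd.exe is far too common to alert on by itself, and the hh.exe child is reported as context rather than required, since the page does not show what hh.exe was given as an argument.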
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 764KB
  MD5: 34a22ea77357fa86dd4fece5ce6080d0
  SHA1: e463ce098d16c5849e5f369bb1cf1e8e68ca79e5
  SHA256: ee067c8a1b433cf171074a594bd53bcbb23b06ab72b140b0c1d7052f1d6f48c1
  SHA512: 266d2d153908abdf07b484c3fad9237dd7b6851501c31e59bd6b0c2e3249d2091dd506588456797dbfe1676197479cca0498ae8cbba4944f44767494da38a751