Resubmissions
- 27-01-2024 09:27  240127-lezxaahdd2  7
- 27-01-2024 09:23  240127-lcrswshch8  10
- 27-01-2024 07:59  240127-jvdymshgcp  7
Analysis
- max time kernel: 203s
- max time network: 196s
- platform: windows11-21h2_x64
- resource: win11-20231222-en
- resource tags: arch:x64, arch:x86, image:win11-20231222-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 27-01-2024 09:23
Static task: static1
Behavioral task behavioral1: Sample 64201921222189.js, Resource win7-20231215-en
Behavioral task behavioral2: Sample 64201921222189.js, Resource win10-20231215-en
Behavioral task behavioral3: Sample 64201921222189.js, Resource win10v2004-20231215-en
Behavioral task behavioral4: Sample 64201921222189.js, Resource win11-20231222-en
General
- Target: 64201921222189.js
- Size: 6.4MB
- MD5: 9ad0dc56c7f7492b4555812c774fe3d6
- SHA1: 4b18214b4b08864f0073f56d098e2b4f0f1997ec
- SHA256: dbd9dcd47010476f23da069f9d2c41c9f20b08bf3eb506c5c8bdb6dfa6811c4d
- SHA512: 01195cd51e6e47026d12b1c07c235704abe3e953e518ae14d0bcde6ee724667d318420d5e1b4e0784fcd52a388fd44046a44eacca017cd7e2da7e15d561707d2
- SSDEEP: 49152:pDH/1og88w/d8Q3YOkgPJs8vU/knfBLi7kj6dXjocM:M
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 3060  hh.exe
  pid 3060  hh.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2104 wrote to memory of 2000  (2104 wscript.exe, procid_target 79)
  PID 2104 wrote to memory of 2000  (2104 wscript.exe, procid_target 79)
  PID 2000 wrote to memory of 3060  (2000 cmd.exe, procid_target 82)
  PID 2000 wrote to memory of 3060  (2000 cmd.exe, procid_target 82)
Processes
- 1⤵ C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\64201921222189.js
  Suspicious use of WriteProcessMemory
  PID: 2104
- 2⤵ C:\Windows\System32\cmd.exe
  Command line: "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\64201921222189.js" "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat" && "C:\Users\Admin\AppData\Local\Temp\\geeserecord.bat"
  Suspicious use of WriteProcessMemory
  PID: 2000
- ⤵ C:\Windows\hh.exe
  Command line: Hh …
  Suspicious use of SetWindowsHookEx
  PID: 3060
Network
MITRE ATT&CK Enterprise v15