Overview

overview

10

Static

static

1

4035_4414671332562.js

windows7-x64

10

4035_4414671332562.js

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04-02-2024 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4035_4414671332562.js

  • Size

    1.7MB

  • MD5

    5691f001d9a83639c5f6fed3e999e090

  • SHA1

    2ba3ef2e2cca6dfdf154b0565901b4da5833cab9

  • SHA256

    7780f61445e2a2ca907d5f1292a02da7753c8959902ea54b1e4bc5bdb655d95e

  • SHA512

    9a3188340367feab9734c183a7c43cc98a7de149ecfe3bff27e73de717d9826aa5eab1ab4f532ebcbb43a362f274866bf342c3896fa52d56659daca5daa9eb65

  • SSDEEP

    24576:NdjoqRpEnFJoYgKyWGjg5Y0SNS/tSgVNkBI2KCcaxazM9jlVQ8l4PbmFCMX1/QQS:I7RGq

Score
10/10
strelastealer

Malware Config

Signatures

  • Strela

    An info stealer targeting mail credentials first seen in late 2022.

    stealerstrela
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\4035_4414671332562.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\4035_4414671332562.js" "C:\Users\Admin\\womanlypoor.bat" && "C:\Users\Admin\\womanlypoor.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\system32\findstr.exe
        findstr /V mellowfemale ""C:\Users\Admin\\womanlypoor.bat""
        3⤵
          PID:2584
        • C:\Windows\system32\certutil.exe
          certutil -f -decode comfortablesteer scorchapparatus.dll
          3⤵
            PID:2916
          • C:\Windows\system32\rundll32.exe
            rundll32 scorchapparatus.dll,main
            3⤵
            • Loads dropped DLL
            PID:2072

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\comfortablesteer
        Filesize

        111KB

        MD5

        85c5984b1c3e85af87341c9849e6e414

        SHA1

        f290180076dcaba1dbfa649e359f479ca68bc2db

        SHA256

        886c894b9f537531ac52bab36464ae8f5bb3358a89984a3f02fddc6b7445b306

        SHA512

        f11e3405b58a935d30a0395c758ade37c641419bc5b443daedba769f31e3e688c0235a41309d1e0e321d7d79c0176493e47f9d9991eb947e0a4d84fef069d165

        Download Submit
      • C:\Users\Admin\scorchapparatus.dll
        Filesize

        142KB

        MD5

        66ab7d46797406c3e66099d060e7ba6f

        SHA1

        329a7eecefbd5f5f138a7ca51593fcb81467d928

        SHA256

        fa67fcbf0cc99749ce84cc5730f81304c2f8042b6e1ae13fb47fe0b535310a00

        SHA512

        81488283aadb5ad93569ae78da3094ded001087df76b22fa744d5c10acff465d83e5222128546fa46fe6c2616ee60a8f345d7bd7c5c939a165b3f798b9df4d3e

        Download Submit
      • C:\Users\Admin\womanlypoor.bat
        Filesize

        1.2MB

        MD5

        86feb3958edd3359028fb58fb342b956

        SHA1

        7cdc2415951d668cc81a2145ccd16e8ca9bb625f

        SHA256

        cc361c51487d162c04329d6d4bcffc0d3b2e0f2d5bb17ff41c7ac59dfd81cf17

        SHA512

        94d801679279f385193b880c7f7466c1653ee073a9e164fe727e9b88d07408161c4a097c891d123932fdcec2dbc2205a8787384face85e585fda483498d210aa

        Download Submit
      • C:\Users\Admin\womanlypoor.bat
        Filesize

        1.7MB

        MD5

        5691f001d9a83639c5f6fed3e999e090

        SHA1

        2ba3ef2e2cca6dfdf154b0565901b4da5833cab9

        SHA256

        7780f61445e2a2ca907d5f1292a02da7753c8959902ea54b1e4bc5bdb655d95e

        SHA512

        9a3188340367feab9734c183a7c43cc98a7de149ecfe3bff27e73de717d9826aa5eab1ab4f532ebcbb43a362f274866bf342c3896fa52d56659daca5daa9eb65

        Download Submit
      • \Users\Admin\scorchapparatus.dll
        Filesize

        122KB

        MD5

        c8fd979ac8a4fa4d9c48896b5cdb8c98

        SHA1

        7a0112c6e52ab0ce87e056a7039eaafb6729de5b

        SHA256

        1a5e43ce2aa335d0819a04fe9fc3f0e030bcb6266826785cecdff0b1fc47b238

        SHA512

        5ff9a29ea3586473283008918d1f17040e6b7f12872bb8012e795518f15d6c8d49c7dff43074ab633598d4e917773ae2fd8ea371ef2b009cf2b2874bc40af44c

        Download Submit
      • \Users\Admin\scorchapparatus.dll
        Filesize

        75KB

        MD5

        d9efaa2e2292c8255074099bc4db605a

        SHA1

        584464ab51dd13b5942e405d94f95edc0cc224ec

        SHA256

        1e36b0d2a4cf63f7729700d16cec4478fef537a0ebdb4b30e6634db8ae651385

        SHA512

        c380b9ef68154b28b8e806e8a84b55414057621a5fcaf13f4d5a957eb7f235afb17b565e70640bf8d5c67f6a69d411aa32a76c97a551ae88c69d8ea682635ca1

        Download Submit
      • \Users\Admin\scorchapparatus.dll
        Filesize

        119KB

        MD5

        c5c1b3015e1feb0176b3123d0ab80e02

        SHA1

        e57b5efbf81602105a582f82bf250cc8ebdbba58

        SHA256

        f325fa4313c0db43df400fba1a99c129dd3d46ce3ac94cffba04f1703096e7fe

        SHA512

        a76d1a9254a77428f87b59a5ce5f71a39ddd8b61a7e54ff65211cd5fd6510c33433f085bba35a0d154005fb8dafb63ef513a56674540c7b1bc063915aa1e0ebb

        Download Submit
      • \Users\Admin\scorchapparatus.dll
        Filesize

        94KB

        MD5

        32fe5e6e9827b4e8286f876360a41959

        SHA1

        1b23dcc78e51b7c87d634a4ceee61d92180ac769

        SHA256

        ef54d38aa8a68214d5d9f2ea9a20e3d877f9be8d94bfb36f01dc9c38bcc3a708

        SHA512

        65a6babc7f57bf139d61c4834abc8d6d23a4969b1086a86a8e250d783304838225a32301b4166bc1dcd23086a66d514e1ee316ce25d504f85c03d2a7713d50de

        Download Submit
      • memory/2072-1779-0x000007FEF68D0000-0x000007FEF6A1A000-memory.dmp
        Filesize

        1.3MB

        Download
      • memory/2072-1780-0x0000000000680000-0x00000000006A3000-memory.dmp
        Filesize

        140KB

        Download