3e412415534fe225cdff7d62e3f6aed4a060e83b18b2d139e3201886d6fa37f3

Analysis

max time kernel
149s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 10:12

Target

PO-65547.js
Size

852KB
MD5

5856355b838c7c8039c95d21fd8be3d9
SHA1

687dc393de59093151ae382c2cb05e8e1150b184
SHA256

3e412415534fe225cdff7d62e3f6aed4a060e83b18b2d139e3201886d6fa37f3
SHA512

1ffcc827b78cb6d770ead4a7d2c3dca7d5180a7d8350df8a6413a6ac49e19ca474486b64263b1b1a66542cbd72c490f45a309988e7695e1c32163aa3c99276f4
SSDEEP

6144:XQcSb+aGaK03qUext3Rrr3O0y4lGAnEBXU5GDHnA1X2oY8NJAhiVjYZb2L/F1j8j:gH

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2516	2172	wscript.exe	28
PID 2172 wrote to memory of 2516	2172	wscript.exe	28
PID 2172 wrote to memory of 2516	2172	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\PO-65547.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hnxlqdigoc.txt"
  2⤵
  PID:2516

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\hnxlqdigoc.txt

Filesize
92KB

MD5
878180ed3a5baf3352b3ea3d92a3c52b

SHA1
144a9b7b6d8309b44f9631156fa1ff4381204943

SHA256
1bf26c165f67d151302623a90f09cf3835d9cba760253729429728238b865aee

SHA512
ac31f13f7bcc4597c3d886bb78649db621ca36152365284e87eb29e6dbd7991a14e8be9450e500dae71938c88fb375cb1d9aa9748a39b5c4a30b2f33c06bed66

Download Submit
memory/2516-5-0x0000000002260000-0x0000000005260000-memory.dmp

Filesize
48.0MB

Download
memory/2516-12-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2516-13-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2516-26-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2516-27-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2516-41-0x0000000002260000-0x0000000005260000-memory.dmp

Filesize
48.0MB

Download
memory/2516-42-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download