Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/03/2024, 09:07

General

  • Target

    1859443221203720008.js

  • Size

    1.3MB

  • MD5

    fa9fe937a01a4d7b1aa82033b11ba0ad

  • SHA1

    b32f3ad5b40e42ac7194987afd21fbf7188afb21

  • SHA256

    3e68fa9ec9de4345e1d2d9937acd1bbf4695a035fe950640a558490bbf8a2ad6

  • SHA512

    e98c4d25024bcddc33c128b8d7fc352f49b165118d416614e4c9bd094cf01766e4176052df8b6830ab866f73c61e197780a8a3e45584740a1a38814a03a340ac

  • SSDEEP

    24576:nkYkWHsvb/dmmrH3yUmXHjJ7Pfv4lhZ9UzZ1Xs:CdVXqjFGVCZ1Xs

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\1859443221203720008.js
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4192
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\1859443221203720008.js" "C:\Users\Admin\\discreetarm.bat" && "C:\Users\Admin\\discreetarm.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Windows\system32\findstr.exe
        findstr /V sillygeneral ""C:\Users\Admin\\discreetarm.bat""
        3⤵
          PID:3112
        • C:\Windows\system32\certutil.exe
          certutil -f -decode brokenexpert fitfilthy.exe
          3⤵
            PID:2148
          • C:\Windows\system32\cmd.exe
            cmd /C fitfilthy.exe
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:324
            • C:\Users\Admin\fitfilthy.exe
              fitfilthy.exe
              4⤵
              • Executes dropped EXE
              PID:2928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\brokenexpert

    Filesize

    1.2MB

    MD5

    3272048bb173814eee926ddfac2a1039

    SHA1

    d5d363c564c50c2c427e12dea54352a2f561f536

    SHA256

    c559589990050a5ef29eb754cda4f6425a5a0695dbbada076873ed7f7efe9dc2

    SHA512

    db13595ac96cc4e61eda7fe511f4afd47c4065cd8b764569b65e57f3ac4a10f36cb7a7520c1b8f9a23f71aa8458c49c1e4f2d589c08e7699319c3d5de7e2734e

  • C:\Users\Admin\discreetarm.bat

    Filesize

    1.3MB

    MD5

    fa9fe937a01a4d7b1aa82033b11ba0ad

    SHA1

    b32f3ad5b40e42ac7194987afd21fbf7188afb21

    SHA256

    3e68fa9ec9de4345e1d2d9937acd1bbf4695a035fe950640a558490bbf8a2ad6

    SHA512

    e98c4d25024bcddc33c128b8d7fc352f49b165118d416614e4c9bd094cf01766e4176052df8b6830ab866f73c61e197780a8a3e45584740a1a38814a03a340ac

  • C:\Users\Admin\fitfilthy.exe

    Filesize

    902KB

    MD5

    e9e8524f7bcd6868f4d70608c1d24a47

    SHA1

    bca63ab961bde4eed964fb0487039746b03d855c

    SHA256

    daaee94c612d856c11114d80ef9c3fae259548b3977797269b0dd01c22a9d2c3

    SHA512

    9037f267e1e095869a456247e65e91bf80aadd79129e470a35c97427a9ad5200e008d89eeefb263db54bf3d7a2d03265045ca1222648e6ab675f7c85603aff0e

  • memory/2928-266-0x00007FF65B420000-0x00007FF65B509000-memory.dmp

    Filesize

    932KB

  • memory/2928-265-0x000001E0CD000000-0x000001E0CD022000-memory.dmp

    Filesize

    136KB

  • memory/2928-267-0x000001E0CD000000-0x000001E0CD022000-memory.dmp

    Filesize

    136KB