Resubmissions

14-03-2024 12:52

240314-p38qwacd8v 10

14-03-2024 12:51

240314-p3p9jacd7w 7

Analysis

  • max time kernel
    4s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    14-03-2024 12:51

General

  • Target

    sonveastrit.js

  • Size

    15KB

  • MD5

    517affe6e5fe79afcf4f49cb46d8a3cc

  • SHA1

    bb44562c59f77c63c1fa1fa28ba67d064eed2ad0

  • SHA256

    8c169aa9c23673c84cbea07e7ef8fdd7f2458856f8dfcdb5c1723e9a20a79b0d

  • SHA512

    81bb3f498baf5c012173a0dedd7981ed4747649f8dd010f4fa8d2f2b75ea574e337dd0306a7546307455bc02f0599f959e85ff041d8fbb7a42f5660a1f05f473

  • SSDEEP

    384:j1pkU3o9kMw9bLSXfm96YPnA3AQzkkBRBYOC72lN:Ef9sLvAzxh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\sonveastrit.js
    1⤵
    • Deletes itself
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\howeathermsych.sonapitheip.bat" "
      2⤵
        PID:2636

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\howeathermsych.sonapitheip.bat

      Filesize

      207B

      MD5

      5e2ca42b6e1114d6001ca0dcc06b3592

      SHA1

      537278094a481b3f385b6e47edaf655b78aff66c

      SHA256

      9f3c8ebd8cd0f9c1e22317caf6de64ce5eb97949ed71bd80ac604d68bd902ee1

      SHA512

      0130f9a683a122b671fb9126fb2d498787f674ecfb4dcfb467a7e2b24f4917cf7a590aa56c028b16fdbe33efe774680fa93b17ca20a55e4102498d6dc8a3b668

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.