Analysis
-
max time kernel
4s -
max time network
0s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
14-03-2024 12:51
Static task
static1
Behavioral task
behavioral1
Sample
sonveastrit.js
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
sonveastrit.js
Resource
win10v2004-20240226-en
General
-
Target
sonveastrit.js
-
Size
15KB
-
MD5
517affe6e5fe79afcf4f49cb46d8a3cc
-
SHA1
bb44562c59f77c63c1fa1fa28ba67d064eed2ad0
-
SHA256
8c169aa9c23673c84cbea07e7ef8fdd7f2458856f8dfcdb5c1723e9a20a79b0d
-
SHA512
81bb3f498baf5c012173a0dedd7981ed4747649f8dd010f4fa8d2f2b75ea574e337dd0306a7546307455bc02f0599f959e85ff041d8fbb7a42f5660a1f05f473
-
SSDEEP
384:j1pkU3o9kMw9bLSXfm96YPnA3AQzkkBRBYOC72lN:Ef9sLvAzxh
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid | Process
2700 | wscript.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2700 wrote to memory of 2636 | 2700 | wscript.exe | 28
PID 2700 wrote to memory of 2636 | 2700 | wscript.exe | 28
PID 2700 wrote to memory of 2636 | 2700 | wscript.exe | 28
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
207B
MD5
5e2ca42b6e1114d6001ca0dcc06b3592
SHA1
537278094a481b3f385b6e47edaf655b78aff66c
SHA256
9f3c8ebd8cd0f9c1e22317caf6de64ce5eb97949ed71bd80ac604d68bd902ee1
SHA512
0130f9a683a122b671fb9126fb2d498787f674ecfb4dcfb467a7e2b24f4917cf7a590aa56c028b16fdbe33efe774680fa93b17ca20a55e4102498d6dc8a3b668