1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-04-2024 16:00

Sharing

Report Analysis Logs

General

Target

Update_123.0.6312.js
Size

6.4MB
MD5

2f1426a46741e36e43119d069a8e85d8
SHA1

5b7aa81bd3fbd37aa3e9b1c4b9fec9b67435a7d3
SHA256

1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6
SHA512

8674b5779540e9d1c478348f0403609e5ceecc594490f39fa6bdf9478b05b37be90417db0ad49a001228199b13a236a4fc4c5292d4e17123a3017b51e44726b4
SSDEEP

49152:B7V7zjCxbzqHlp4LhyN0kghDzLZzjYzYsmCW+8z2V35//9SGGqHm3quVIKXgxcEm:C

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1752	wscript.exe
4	1752	wscript.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ipinfo.io
2	ipinfo.io

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Update_123.0.6312.js
1⤵
- Blocklisted process makes network request
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads