8201770ffc9d1b1c6b13b9a802e752083e5883e6df442cafa59fa435911756f4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 01:08

Target

1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6.js
Size

6.4MB
MD5

2f1426a46741e36e43119d069a8e85d8
SHA1

5b7aa81bd3fbd37aa3e9b1c4b9fec9b67435a7d3
SHA256

1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6
SHA512

8674b5779540e9d1c478348f0403609e5ceecc594490f39fa6bdf9478b05b37be90417db0ad49a001228199b13a236a4fc4c5292d4e17123a3017b51e44726b4
SSDEEP

49152:B7V7zjCxbzqHlp4LhyN0kghDzLZzjYzYsmCW+8z2V35//9SGGqHm3quVIKXgxcEm:C

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	272	wscript.exe
4	272	wscript.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ipinfo.io
3	ipinfo.io

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\1de0458822ac2ce81c11a64fa8c4eb90d6b9173c10eb89d4dedbecaaf566b1a6.js
1⤵
- Blocklisted process makes network request
PID:272