0d979dd79f5762ab28549e6b3b85c5639115dbbddf1f6c71f7d9991930b66e59 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

file.js
Size

29KB
MD5

6e1c83549b4f7533dc34bcf6e71646cf
SHA1

9941c67a69ceba8001e72781dbd368d5fa3f68d1
SHA256

0d979dd79f5762ab28549e6b3b85c5639115dbbddf1f6c71f7d9991930b66e59
SHA512

3dacb9ac70239ed1fa9e0337c0fd6ad29ba4923341ae9a6a04859ea3db6a31e6ff4b3d3c6778d8cd3c869abe5e5280674faad3a508f987b5536a3d107bc43ae3
SSDEEP

384:KYTsIvgKZXqUzqKqDLQInJeGWB5Bl2PQUe+v4/BF0+iawQGmfz9KGrF:VgIvrXe9eBHBgYv+v4Z2+fFGmfz9J

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2884	2888	cmd.exe	30
PID 2888 wrote to memory of 2884	2888	cmd.exe	30
PID 2888 wrote to memory of 2884	2888	cmd.exe	30
PID 2888 wrote to memory of 2828	2888	cmd.exe	31
PID 2888 wrote to memory of 2828	2888	cmd.exe	31
PID 2888 wrote to memory of 2828	2888	cmd.exe	31

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\file.js
1⤵
PID:2208

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\system32\cscript.exe
  cscript file.js
  2⤵
  PID:2884
- C:\Windows\system32\mshta.exe
  mshta file.js
  2⤵
  PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads