Resubmissions

11/04/2024, 06:06 UTC

240411-gt1pxagh4y 7

11/04/2024, 05:53 UTC

240411-gllk1sdg28 7

11/04/2024, 05:51 UTC

240411-gj89asgf81 7

11/04/2024, 05:48 UTC

240411-ghl3dadf69 7

11/04/2024, 05:44 UTC

240411-gfgpwagf3y 7

11/04/2024, 05:39 UTC

240411-gcnn1sde52 7

Analysis

  • max time kernel
    455s
  • max time network
    459s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11/04/2024, 06:06 UTC

General

  • Target

    $PLUGINSDIR/app/js/windows/progress/progress-1-controller.js

  • Size

    1KB

  • MD5

    82f0b997ed552c52a510a9f2ab29dc3a

  • SHA1

    92aec3a656053c71eccdde610130f5d8008fa96f

  • SHA256

    838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105

  • SHA512

    ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\progress-1-controller.js
    PID: 3584

    Network

    • DNS 30.243.111.52.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 30.243.111.52.in-addr.arpa IN PTR
      Response: (no records)
    • DNS 85.65.42.20.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 85.65.42.20.in-addr.arpa IN PTR
      Response: (no records)
    • DNS ocsp.digicert.com
      Remote address: 8.8.8.8:53
      Request: ocsp.digicert.com IN A
      Response:
        ocsp.digicert.com IN CNAME ocsp.edge.digicert.com
        ocsp.edge.digicert.com IN CNAME fp2e7a.wpc.2be4.phicdn.net
        fp2e7a.wpc.2be4.phicdn.net IN CNAME fp2e7a.wpc.phicdn.net
        fp2e7a.wpc.phicdn.net IN A 192.229.221.95
    • DNS ctldl.windowsupdate.com
      Remote address: 8.8.8.8:53
      Request: ctldl.windowsupdate.com IN A
      Response:
        ctldl.windowsupdate.com IN CNAME wu-bg-shim.trafficmanager.net
        wu-bg-shim.trafficmanager.net IN CNAME download.windowsupdate.com.edgesuite.net
        download.windowsupdate.com.edgesuite.net IN CNAME a767.dspw65.akamai.net
        a767.dspw65.akamai.net IN A 2.17.197.240
        a767.dspw65.akamai.net IN A 2.17.197.249
    • 8.8.8.8:53  30.243.111.52.in-addr.arpa  dns  274 B  710 B  4  4
      DNS Request: 30.243.111.52.in-addr.arpa
      DNS Request: 85.65.42.20.in-addr.arpa
      DNS Request: ocsp.digicert.com
      DNS Response: 192.229.221.95
      DNS Request: ctldl.windowsupdate.com
      DNS Response: 2.17.197.240
      DNS Response: 2.17.197.249

    MITRE ATT&CK Matrix
