Analysis
-
max time kernel
315s -
max time network
316s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-04-2024 02:54
General
-
Target
sumsj.js
-
Size
12.9MB
-
MD5
413da71d07370c4579943cc5dfb074e3
-
SHA1
cdb7f3c1d61c9c61b61a835a17f4b79402199e05
-
SHA256
ce02817c1a10ba1f49a139db19394fe67b5a1b2485c866d92cc26ef361e0a9d6
-
SHA512
afbf8142ced6f01a05b4eb34a5845e73a8be356555ab686e4fc3291a6b93838f989ac25e2009ffe08bb46ae36a05ab0231d95f64bb741c7d6438483f2778fe58
-
SSDEEP
49152:C7BfzjCxbqqHlp4rHfN0MNhzoNszsYzYBgE5+85R33uK/zp+GiR93quKLagucEP6:H
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\sumsj.js1⤵
-
C:\Windows\system32\taskeng.exetaskeng.exe {76A8622A-6293-47DD-BE5F-F4C1E2842013} S-1-5-21-2297530677-1229052932-2803917579-1000:HKULBIBU\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wscript.EXEC:\Windows\system32\wscript.EXE TECHNI~1.JS2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" "TECHNI~1.JS"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Media Center Programs\TECHNI~1.JSFilesize
40.8MB
MD583d7a72932c113d8e1dfae1189b91a1e
SHA116aa3470e88284aa470c5385382b212d3d2241ea
SHA2561cadd1359d386dea78dba195ae4e5c37875fc1fa1f37719ad3b5afe2a9a1a9e1
SHA5121f3af1b65715d93a23660f6b4b3baf4792bfc842c1091910504775b8291d20f681ed80106325dc410a45e26101cb036f3435e843dcd703b30ae33aa190a5a8ba
-
memory/2476-7-0x000007FEF5A30000-0x000007FEF63CD000-memory.dmpFilesize
9.6MB
-
memory/2476-8-0x0000000002A00000-0x0000000002A80000-memory.dmpFilesize
512KB
-
memory/2476-9-0x000000001B690000-0x000000001B972000-memory.dmpFilesize
2.9MB
-
memory/2476-10-0x0000000002A00000-0x0000000002A80000-memory.dmpFilesize
512KB
-
memory/2476-11-0x0000000001DF0000-0x0000000001DF8000-memory.dmpFilesize
32KB
-
memory/2476-12-0x0000000002A00000-0x0000000002A80000-memory.dmpFilesize
512KB
-
memory/2476-13-0x000007FEF5A30000-0x000007FEF63CD000-memory.dmpFilesize
9.6MB
-
memory/2476-14-0x0000000002A00000-0x0000000002A80000-memory.dmpFilesize
512KB
-
memory/2476-15-0x0000000002A00000-0x0000000002A80000-memory.dmpFilesize
512KB