Analysis

- max time kernel: 300s
- max time network: 301s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-04-2024 17:08
Static task: static1

Behavioral task: behavioral1
- Sample: Document_e31_92y951666-82a25718d3602-7076a5.js
- Resource: win10-20240404-en

Behavioral task: behavioral2
- Sample: Document_e31_92y951666-82a25718d3602-7076a5.js
- Resource: win7-20240215-en

Behavioral task: behavioral3
- Sample: Document_e31_92y951666-82a25718d3602-7076a5.js
- Resource: win10v2004-20240419-en
General

- Target: Document_e31_92y951666-82a25718d3602-7076a5.js
- Size: 467KB
- MD5: 57847455932cb39bde4eb69fa0b802a2
- SHA1: 5487caab411c7205f7f67250e29730c315a4f22d
- SHA256: da305ed28c974ac82afc57ae365e9955b3237cde4659fb1922de4e72ed42f2b7
- SHA512: 9815795bf9d03ec716afade344a9ca73c966bc4d0c964d88c9596f450ce7f9c911886d92d1475538d8681f6b1fa8244facbc71e1b4ec16a93a45511240d10f8c
- SSDEEP: 6144:hMREJkNl+RKvE9pJDS905tB8mH/4nZsJVyk8GgScwHwXBrG9m6dJuKSs+1txzEHH:ai25vElrtmmfCky2n4qdYi+5z8Rvl
Malware Config
Signatures

- Blocklisted process makes network request (1 IoC)

  flow  pid  Process
  11    768  msiexec.exe

- Suspicious use of AdjustPrivilegeToken (32 IoCs)

  description                             pid   Process
  Token: SeShutdownPrivilege              4420  wscript.exe
  Token: SeIncreaseQuotaPrivilege         4420  wscript.exe
  Token: SeSecurityPrivilege              768   msiexec.exe
  Token: SeCreateTokenPrivilege           4420  wscript.exe
  Token: SeAssignPrimaryTokenPrivilege    4420  wscript.exe
  Token: SeLockMemoryPrivilege            4420  wscript.exe
  Token: SeIncreaseQuotaPrivilege         4420  wscript.exe
  Token: SeMachineAccountPrivilege        4420  wscript.exe
  Token: SeTcbPrivilege                   4420  wscript.exe
  Token: SeSecurityPrivilege              4420  wscript.exe
  Token: SeTakeOwnershipPrivilege         4420  wscript.exe
  Token: SeLoadDriverPrivilege            4420  wscript.exe
  Token: SeSystemProfilePrivilege         4420  wscript.exe
  Token: SeSystemtimePrivilege            4420  wscript.exe
  Token: SeProfSingleProcessPrivilege     4420  wscript.exe
  Token: SeIncBasePriorityPrivilege       4420  wscript.exe
  Token: SeCreatePagefilePrivilege        4420  wscript.exe
  Token: SeCreatePermanentPrivilege       4420  wscript.exe
  Token: SeBackupPrivilege                4420  wscript.exe
  Token: SeRestorePrivilege               4420  wscript.exe
  Token: SeShutdownPrivilege              4420  wscript.exe
  Token: SeDebugPrivilege                 4420  wscript.exe
  Token: SeAuditPrivilege                 4420  wscript.exe
  Token: SeSystemEnvironmentPrivilege     4420  wscript.exe
  Token: SeChangeNotifyPrivilege          4420  wscript.exe
  Token: SeRemoteShutdownPrivilege        4420  wscript.exe
  Token: SeUndockPrivilege                4420  wscript.exe
  Token: SeSyncAgentPrivilege             4420  wscript.exe
  Token: SeEnableDelegationPrivilege      4420  wscript.exe
  Token: SeManageVolumePrivilege          4420  wscript.exe
  Token: SeImpersonatePrivilege           4420  wscript.exe
  Token: SeCreateGlobalPrivilege          4420  wscript.exe
Processes

- Image: C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\Document_e31_92y951666-82a25718d3602-7076a5.js
  PID: 4420
  - Suspicious use of AdjustPrivilegeToken

- Image: C:\Windows\system32\msiexec.exe
  Command line: C:\Windows\system32\msiexec.exe /V
  PID: 768
  - Blocklisted process makes network request
  - Suspicious use of AdjustPrivilegeToken