Overview

overview

3

Static

static

1

0x001b0000...2-2.js

windows10-1703-x64

3

0x001b0000...2-2.js

windows11-21h2-x64

3

Analysis

  • max time kernel
    195s
  • max time network
    197s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/04/2024, 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x001b00000002ab02-2.js

  • Size

    45.9MB

  • MD5

    cc7698e15d6167c769179239863e606f

  • SHA1

    17851cef3252ac0d95de3bfe521d645ce9702aa9

  • SHA256

    6be3781619ebfef2d146f2b1d38d54791c80bfce8727f27e649de3c79bca7a8e

  • SHA512

    bab64528edf8aa94abc0c4162ec69e92c413a5d9aa6637102f45156699137b4fec665685c2c46a2852949fcdf19a15db270ae06f0addfb56ae36a98b25805cc5

  • SSDEEP

    12288:tEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEc:K

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\0x001b00000002ab02-2.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3652
    • C:\Windows\System32\cscript.exe
      "C:\Windows\System32\cscript.exe" "0x001b00000002ab02-2.js"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:520
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1348
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4264

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rr5foorb.wvq.ps1
      Filesize

      1B

      MD5

      c4ca4238a0b923820dcc509a6f75849b

      SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

      SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

      SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

      Download Submit

    • memory/1348-4-0x00007FFFC02DB000-0x00007FFFC02DF000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1348-5-0x00000207F5D90000-0x00000207F5DB2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1348-32-0x00000207F5E10000-0x00000207F5E4C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1348-43-0x00000207F65B0000-0x00000207F6626000-memory.dmp

      Filesize

      472KB

      Download