7521672451a0885415f8e1649185a4e44636fb6c018a07ec77ac296a4c0c6242

Analysis

max time kernel
131s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

T-91044482-04242019.js
Size

26KB
MD5

dc325decfb873739d6c09055b09fc043
SHA1

50dfe46b30f8dee35bc6f1285138e3dd631165ee
SHA256

f9a3d8d2568059bff0da6d27fe8d474fa8dc1c0f97c24433f2fd9caed3594b0f
SHA512

3a468cb4ad8ebc69cd53891868949856bd5877b72191bcc500b097bd2e090ee326ca8ef82b6f0d69f9296ab79091c57788d09f905f9b8eefd87a34af3aad341f
SSDEEP

768:/mpSpUgP3uPJSNRAyMLNhRKl0TSGkFDbLKXyAXStfwzrR2nr2IT1JRT2xML1i7GS:OpSpUgP3kSNJMLAqqo

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 14 IoCs

Processes:

wscript.exe

flow	pid	process
4	2356	wscript.exe
5	2356	wscript.exe
7	2356	wscript.exe
10	2356	wscript.exe
12	2356	wscript.exe
37	2356	wscript.exe
39	2356	wscript.exe
48	2356	wscript.exe
50	2356	wscript.exe
51	2356	wscript.exe
52	2356	wscript.exe
69	2356	wscript.exe
71	2356	wscript.exe
72	2356	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wscript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\T-91044482-04242019.js
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:2356

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pdrgg9au7.exe
Filesize
61KB

MD5
14d909c5c5f9412fb99e0c196dad1c94

SHA1
8b1c983d429bca887a65f1e7582f4f4d63fe2500

SHA256
28f94b03dc8af2cf636e008f2c00c5554fe3c649b6e85e6d794ff710a5fa7e33

SHA512
e78f5eb65bae017cf603e6b5030c496f85b70fcdfb8a56e9296ce4c23c46bc5f2283dd93b6432a50834a30d7c788b2f99c5f872112c3427bd22759857e91ec57

Download Submit