f4267ec696cf9223569ebbb27617e04641eab296a81b919c923a54288342a34c

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

INS-386779.js
Size

460KB
MD5

c24358be43368c8197bc1d25f3ba421e
SHA1

b97e6fcbfccedbf673f0126caa24e1665a50dec8
SHA256

f4267ec696cf9223569ebbb27617e04641eab296a81b919c923a54288342a34c
SHA512

0d2ec59968d8169f7efb6d31551a101460bdbe8bfb8d0ac67e0a0b2841910032fabc9b824a7b7e9bc17317b12df751bf5197085b65f7d229af3a331ac982b8d7
SSDEEP

6144:Dk5b3RksMXWmzWRqpAOcGB3DRC+xpleNKkJJ2lj7j+viVd7Wbs9HLsT5UQ5TsBzr:kCyROcGVsJH6ljfpTHzzksf

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2332	1924	wscript.exe	28
PID 1924 wrote to memory of 2332	1924	wscript.exe	28
PID 1924 wrote to memory of 2332	1924	wscript.exe	28
PID 2332 wrote to memory of 2780	2332	javaw.exe	29
PID 2332 wrote to memory of 2780	2332	javaw.exe	29
PID 2332 wrote to memory of 2780	2332	javaw.exe	29
PID 2780 wrote to memory of 2368	2780	wscript.exe	30
PID 2780 wrote to memory of 2368	2780	wscript.exe	30
PID 2780 wrote to memory of 2368	2780	wscript.exe	30

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\INS-386779.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\vhjfzhsmwo.txt"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Windows\system32\wscript.exe
    wscript C:\Users\Admin\pnjtiaccyf.js
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ibmgvpyzj.txt"
      4⤵
      PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ibmgvpyzj.txt

Filesize
164KB

MD5
263238ba3312613146a92ecfad5f5abb

SHA1
57d076f1deb30314bdef4d7e4795068957c8c0d0

SHA256
4a464631cf3f7f3261f79fc443dd63d0d205806077e33e9ea1477134d2f7c723

SHA512
baaa069e01cf004eec72569fb49312dcf2b1bdac304b6c2e003a926f052c71708e2e704a14e81fbdaabbb01067c61f295bca1c97dfd2fef8ebc2b055eb12f9c4

Download Submit
C:\Users\Admin\AppData\Roaming\vhjfzhsmwo.txt

Filesize
219KB

MD5
dc460eff6b011dad319db62115365f3a

SHA1
112909f254ae16361a6f3dfe757f45896fa8f522

SHA256
8d1f7af142e64bcc42117302ce5c20a1e8cce37485f5f8948f006924498cd997

SHA512
d8ed4c60a35a8be32cd391c4c356f53bedbb2f59b20061f01a0aa751091fcb367799ffab266ad9ca33ef677fe12d30811991b4641c4519aeea073a095cc74d18

Download Submit
C:\Users\Admin\pnjtiaccyf.js

Filesize
347KB

MD5
4ab0c7385d9202a8aed07e0086d83711

SHA1
987d7102a8585fde7412554732d7974159e007fa

SHA256
5eb64fbe30ab5c8d68fd358f31f9f3cf9c2cb52032a1736a4b327a3d02d8bd0a

SHA512
c53ffb22e9dba04607c6648c4b6dd3195eaedbf73ce6b0f065aa116db1e6188b5096b53f281e02486e0b0f8f7e407870c050465902566f4701ce511ed4631682

Download Submit
memory/2332-4-0x00000000026F0000-0x0000000002960000-memory.dmp

Filesize
2.4MB

Download
memory/2332-14-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2332-16-0x00000000026F0000-0x0000000002960000-memory.dmp

Filesize
2.4MB

Download
memory/2368-36-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-29-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-21-0x0000000002460000-0x00000000026D0000-memory.dmp

Filesize
2.4MB

Download
memory/2368-37-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-45-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-46-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-51-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-54-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-55-0x0000000002460000-0x00000000026D0000-memory.dmp

Filesize
2.4MB

Download
memory/2368-58-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2368-60-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download