68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoice & PL.js
Size

346KB
MD5

6e5f677f16815e0933d379f50581bea6
SHA1

2f5416c1927fb6b81241bb96eee69befa31b55f9
SHA256

68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db
SHA512

727919e1be0223607964997a6951c6d117ef51c9eca4cb38de9834f7e7dd56eaa5bd0aafb6f3a9774103c8d9fc0bc155f9fa09abf2416e773673e77ba62548ff
SSDEEP

6144:VqawNPADGrly8y0L5+zf+S1gWpfu61c74xBBKLrUei1nOb+qgJHOAPk4YEUV18E:oNPAyobfu6A5rTb+TXPrwl

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1396	1368	wscript.exe	28
PID 1368 wrote to memory of 1396	1368	wscript.exe	28
PID 1368 wrote to memory of 1396	1368	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Invoice & PL.js"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\clprblturz.txt"
  2⤵
  PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\clprblturz.txt

Filesize
164KB

MD5
6f59762675a1043ce3d52145c4fca3b5

SHA1
e98851b70a4f1b413599ed7e848d4128d66f7d16

SHA256
19a1796f53aed8daf769cb5adc2fdec81bd3cd7b6f5a3a746bd41c97e1eea44c

SHA512
067c3d2e9c931cee28c0f5bf63fa0cc3a66b0060b23316aee8320a4383e54bcdd69d97bc7d29423249ff6e711ef7c05f246d689529663c18c00d11bb61742d00

Download Submit
memory/1396-4-0x00000000021A0000-0x0000000002410000-memory.dmp

Filesize
2.4MB

Download
memory/1396-12-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-19-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-25-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-31-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-55-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-75-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-74-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1396-150-0x00000000021A0000-0x0000000002410000-memory.dmp

Filesize
2.4MB

Download