5cf78dac329e6fb3daaaf288762db77fe8a0630e8a7a0abdffba2a0e5fef4165

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

T-465916-04242019.js
Size

26KB
MD5

dc325decfb873739d6c09055b09fc043
SHA1

50dfe46b30f8dee35bc6f1285138e3dd631165ee
SHA256

f9a3d8d2568059bff0da6d27fe8d474fa8dc1c0f97c24433f2fd9caed3594b0f
SHA512

3a468cb4ad8ebc69cd53891868949856bd5877b72191bcc500b097bd2e090ee326ca8ef82b6f0d69f9296ab79091c57788d09f905f9b8eefd87a34af3aad341f
SSDEEP

768:/mpSpUgP3uPJSNRAyMLNhRKl0TSGkFDbLKXyAXStfwzrR2nr2IT1JRT2xML1i7GS:OpSpUgP3kSNJMLAqqo

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 14 IoCs

Processes:

wscript.exe

flow	pid	process
2	4848	wscript.exe
3	4848	wscript.exe
5	4848	wscript.exe
9	4848	wscript.exe
11	4848	wscript.exe
30	4848	wscript.exe
32	4848	wscript.exe
35	4848	wscript.exe
37	4848	wscript.exe
38	4848	wscript.exe
40	4848	wscript.exe
44	4848	wscript.exe
46	4848	wscript.exe
48	4848	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wscript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\T-465916-04242019.js
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:4848

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c50j4mm9j.exe
Filesize
61KB

MD5
e975aa4ccf8f37444edf395c7ee605f5

SHA1
757173ad7cc7e9d74fad8d48c9d0940e74577e25

SHA256
3d5e24ceb8758ef8e6c885a1cbfe176a7d2675afa7ec3417f9fbc1f776810aa3

SHA512
4506c75e135e135c2f3e3fa46de778f5c1e2fe055602556f878cddbbfa2d4a5902faf0186c309b577ed72a2f734b571561a195e6efc2636b783549d164aa84ff

Download Submit