Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-05-2024 07:53

General

  • Target

    f224a2adc08aef0c0fc1899d4ba8aa52e3c608ef2b294dec6d72590dfcb91614.js

  • Size

    443KB

  • MD5

    cdc0ff3b2e6bd8e1a0d09ff010c2c899

  • SHA1

    e15ab2d20673e273eb9698894c9f1ef07a893999

  • SHA256

    f224a2adc08aef0c0fc1899d4ba8aa52e3c608ef2b294dec6d72590dfcb91614

  • SHA512

    787ea82b4404ff50f77f18b36f60071551e8a80810e52d92fac6c89e06baa66bb3d0f09970c5a043273416a3aa92b99b74ae8e2a1f6d66f30c1bd92a282deea9

  • SSDEEP

    6144:ZQOOkQsu5kVH5fRAZmyUzxDRqns5D9rmqJ1UnYUB48xM91Y1WziypzkAkaM1kxKm:HVuGZq6xDk8H1cYm48xMYCkbprC

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript (1 TTP)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\f224a2adc08aef0c0fc1899d4ba8aa52e3c608ef2b294dec6d72590dfcb91614.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ocdlxket.txt"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\system32\wscript.exe
        wscript C:\Users\Admin\pnjtiaccyf.js
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2120
        • C:\Program Files\Java\jre7\bin\javaw.exe
          "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\zxpnsjnfr.txt"
          4⤵
            PID:2560

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Roaming\ocdlxket.txt

      Filesize

      219KB

      MD5

      dc460eff6b011dad319db62115365f3a

      SHA1

      112909f254ae16361a6f3dfe757f45896fa8f522

      SHA256

      8d1f7af142e64bcc42117302ce5c20a1e8cce37485f5f8948f006924498cd997

      SHA512

      d8ed4c60a35a8be32cd391c4c356f53bedbb2f59b20061f01a0aa751091fcb367799ffab266ad9ca33ef677fe12d30811991b4641c4519aeea073a095cc74d18

    • C:\Users\Admin\AppData\Roaming\zxpnsjnfr.txt

      Filesize

      164KB

      MD5

      263238ba3312613146a92ecfad5f5abb

      SHA1

      57d076f1deb30314bdef4d7e4795068957c8c0d0

      SHA256

      4a464631cf3f7f3261f79fc443dd63d0d205806077e33e9ea1477134d2f7c723

      SHA512

      baaa069e01cf004eec72569fb49312dcf2b1bdac304b6c2e003a926f052c71708e2e704a14e81fbdaabbb01067c61f295bca1c97dfd2fef8ebc2b055eb12f9c4

    • C:\Users\Admin\pnjtiaccyf.js

      Filesize

      347KB

      MD5

      4ab0c7385d9202a8aed07e0086d83711

      SHA1

      987d7102a8585fde7412554732d7974159e007fa

      SHA256

      5eb64fbe30ab5c8d68fd358f31f9f3cf9c2cb52032a1736a4b327a3d02d8bd0a

      SHA512

      c53ffb22e9dba04607c6648c4b6dd3195eaedbf73ce6b0f065aa116db1e6188b5096b53f281e02486e0b0f8f7e407870c050465902566f4701ce511ed4631682

    • memory/2560-42-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2560-21-0x00000000024E0000-0x0000000002750000-memory.dmp

      Filesize

      2.4MB

    • memory/2560-29-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2560-36-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2560-50-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2560-57-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2560-92-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

    • memory/2560-180-0x00000000024E0000-0x0000000002750000-memory.dmp

      Filesize

      2.4MB

    • memory/2832-15-0x0000000002410000-0x0000000002680000-memory.dmp

      Filesize

      2.4MB

    • memory/2832-14-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

    • memory/2832-4-0x0000000002410000-0x0000000002680000-memory.dmp

      Filesize

      2.4MB