Overview

overview

10

Static

static

1

68ba175a63...5db.js

windows7-x64

3

68ba175a63...5db.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    11-05-2024 08:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db.js

  • Size

    346KB

  • MD5

    6e5f677f16815e0933d379f50581bea6

  • SHA1

    2f5416c1927fb6b81241bb96eee69befa31b55f9

  • SHA256

    68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db

  • SHA512

    727919e1be0223607964997a6951c6d117ef51c9eca4cb38de9834f7e7dd56eaa5bd0aafb6f3a9774103c8d9fc0bc155f9fa09abf2416e773673e77ba62548ff

  • SSDEEP

    6144:VqawNPADGrly8y0L5+zf+S1gWpfu61c74xBBKLrUei1nOb+qgJHOAPk4YEUV18E:oNPAyobfu6A5rTb+TXPrwl

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\xeegbeeyfc.txt"
      2⤵
        PID:1688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\xeegbeeyfc.txt
      Filesize

      164KB

      MD5

      6f59762675a1043ce3d52145c4fca3b5

      SHA1

      e98851b70a4f1b413599ed7e848d4128d66f7d16

      SHA256

      19a1796f53aed8daf769cb5adc2fdec81bd3cd7b6f5a3a746bd41c97e1eea44c

      SHA512

      067c3d2e9c931cee28c0f5bf63fa0cc3a66b0060b23316aee8320a4383e54bcdd69d97bc7d29423249ff6e711ef7c05f246d689529663c18c00d11bb61742d00

      Download Submit

    • memory/1688-4-0x00000000025F0000-0x0000000002860000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1688-12-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-19-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-25-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-33-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-40-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-47-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-68-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1688-161-0x00000000025F0000-0x0000000002860000-memory.dmp

      Filesize

      2.4MB

      Download