Overview

overview

10

Static

static

1

Ziraat Ban...aji.js

windows7-x64

3

Ziraat Ban...aji.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ziraat Bankasi Swift Mesaji.js

  • Size

    353KB

  • MD5

    f1e972166f46d1b17250e076b3c9d048

  • SHA1

    29de44cb79d7b60ecd0ccfc293dc137aadf70767

  • SHA256

    40c97f136f72b6613c9f947c7e1fe112706eae5c574902dd1904f80b0fc1d212

  • SHA512

    c7e3947eb45dbad441674f7f469edfdb2c385419c7583141995ed71cdd2faf8bb86248a12c2fbf7dcabdc45ba673ed35830e4ab75f439daf06631b19e7c734a4

  • SSDEEP

    6144:CjTqNadgJXXiQu87UE2tajU7RP4Y/oj3i+R/2RCO0VVQc6xZzHAOjnRKjoXBKZRG:CaAd0XXiw5jX+E3/WzpnlwJjXXyGe3

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Ziraat Bankasi Swift Mesaji.js"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\bgjnbvvd.txt"
      2⤵
        PID:2344

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\bgjnbvvd.txt
      Filesize

      164KB

      MD5

      7ea89d19a8441cc58b7255dc9fb205fa

      SHA1

      2ae19607a8231bffd72353766f4017eb5492f3e8

      SHA256

      486b68ef93d03c4e486b8ddd9e153391e7debc6839e0c09d38999dd159e30705

      SHA512

      0a76f52939c305b2756fa486222210a4a8c40deff0fc753d11da899baaa84da2fed37ddbd333c6b1dc91ea07a2a1bffcaeb4db08dcbb3db97c925254e6bcbaf4

      Download Submit

    • memory/2344-4-0x0000000002540000-0x00000000027B0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2344-12-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-19-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-25-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-31-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-41-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-68-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-75-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-71-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-164-0x0000000002540000-0x00000000027B0000-memory.dmp

      Filesize

      2.4MB

      Download