Overview

overview

3

Static

static

1

sample.js

windows11-21h2-x64

Analysis

  • max time kernel
    55s
  • max time network
    57s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/05/2024, 10:05

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    sample.js

  • Size

    17KB

  • MD5

    ee9bd4405b5a92a7b635e64b050a33f3

  • SHA1

    30785a7af8d250a4138aebee945d4776a1e525df

  • SHA256

    217dec5d0b839effaca78e88c1e72807e50aaffb7b1506c5b89f80158c8c4234

  • SHA512

    0c6c601ed0e5ce18be47f0541db0fde752e93edc0d41367a1e7aba15b62a336c37095f5bb817bd596b492280f6b332dacf633ddb5c6cc1bb8d11c3f03dac06f3

  • SSDEEP

    192:rOqxB6WbR9W1P+uTRQQZs3ntnMCCNTZ5gkS8uyqkCEO8fktp8S6eTAt5gviM+Bji:rO23tM5NFS8uoZNoUd1Zs

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
    1⤵
      PID:4264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://java.com/
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:32
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd71d3cb8,0x7ffbd71d3cc8,0x7ffbd71d3cd8
        2⤵
          PID:1080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1912465830724505460,3167941774245605579,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
          2⤵
            PID:3024
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1912465830724505460,3167941774245605579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3564
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1912465830724505460,3167941774245605579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
            2⤵
              PID:900
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1912465830724505460,3167941774245605579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
              2⤵
                PID:3548
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1912465830724505460,3167941774245605579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                2⤵
                  PID:1708
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3524
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:3140
                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\InvokeGroup.M2V"
                    1⤵
                    • Suspicious behavior: AddClipboardFormatListener
                    • Suspicious behavior: GetForegroundWindowSpam
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    • Suspicious use of SetWindowsHookEx
                    PID:1652
                  • C:\Windows\system32\LogonUI.exe
                    "LogonUI.exe" /flags:0x4 /state0:0xa3a1b055 /state1:0x41c64e6d
                    1⤵
                    • Modifies data under HKEY_USERS
                    • Suspicious use of SetWindowsHookEx
                    PID:4620

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    5e027def9b55f3d49cde9fb82beba238

                    SHA1

                    64baabd8454c210162cbc3a90d6a2daaf87d856a

                    SHA256

                    9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

                    SHA512

                    a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    0c5042350ee7871ccbfdc856bde96f3f

                    SHA1

                    90222f176bc96ec17d1bdad2d31bc994c000900c

                    SHA256

                    b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

                    SHA512

                    2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    480B

                    MD5

                    77fbe1b3ef3847e47bd59b5ffa5e02a5

                    SHA1

                    330bf2fdc85c34a66586967d2125c0a5bad8c8b9

                    SHA256

                    d24ab6006e4bf52ae660f6e8c91759438d13e7e30db0a3a15f90c1ccb9129d40

                    SHA512

                    42ff07f08748b23b7d01f099c3cdd4a854613b90231aaf742f40dde312caf56474580c7546f628a11c718e76dd428bbebe20d05049646ef5c81f5a620a6fd62a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    408B

                    MD5

                    34499fdb770abc1abc0f66bd00ddace9

                    SHA1

                    1dda4182024016adf2894ea65581281fcc7640fa

                    SHA256

                    47c68a92bcf22f29197cced99e4ea19cac8d3fca7e5b9d1cad501928d0a40d86

                    SHA512

                    236dbb189da59d4c9a4543f2a0070a3434919060773d73d2fb3b2b6cdee4a89d200002209e1b28ad944bf54cc933f0d5161c57c6bca676b1460867ef357d4c17

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    92bec1bc3cafe495e53a157063122c6a

                    SHA1

                    01e2612c03c71e4b6d8967387dc3e8777d38db48

                    SHA256

                    a596cb07154fe28087a4d783ecd92f41a05ca80f9ffc2c200326bcac170a1d06

                    SHA512

                    f6e3e29c2f24462145a0c31192c4828f042257358fd3f1a5366a9850c5a2cfa92329d2f0c645ae9e3d4dcebc8d77edfec7b58e44cd3f4f3205679616d4773f48

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    f53774d9c8925ed4ab6680f583e0991d

                    SHA1

                    2ef0d32d49131ff02d619926b8a15a5db7b043c8

                    SHA256

                    27209d99a9324beafc4181168ad81ec28b5519fac16ebd903e221bd8b5c09a2a

                    SHA512

                    446a7fa0e75454dac02d8d937b9fe56cccf9dc1f595f292c58dcd4c059ad1b2366e01a3c250a20c7391eb997b252d09ee9f99f0aa6cf958e5f65c29f6d0ad834

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    11KB

                    MD5

                    91b7cefd954e59926740690d291cda01

                    SHA1

                    bbecb2c5630cb2fa2f9c2394c3a1addadc4a4696

                    SHA256

                    98caa4dc1630f6bb91f55e6fe93c5702ba96bc97aa43b59b7c98c7f772cb3949

                    SHA512

                    45c78b14e5b9778dddb31515a09923fac52e66de8e167f57a6792c7ab5219cc82722116bc1f745c82fa1b17ef2cef0b97d09a17222662e663b5356da73a62595

                    Download Submit

                  • memory/1652-163-0x00007FFBE79A0000-0x00007FFBE79D4000-memory.dmp

                    Filesize

                    208KB

                    Download

                  • memory/1652-162-0x00007FF7B9EE0000-0x00007FF7B9FD8000-memory.dmp

                    Filesize

                    992KB

                    Download

                  • memory/1652-164-0x00007FFBD6600000-0x00007FFBD68B6000-memory.dmp

                    Filesize

                    2.7MB

                    Download

                  • memory/1652-166-0x0000012F58F40000-0x0000012F5904E000-memory.dmp

                    Filesize

                    1.1MB

                    Download

                  • memory/1652-165-0x00007FFBD5110000-0x00007FFBD61C0000-memory.dmp

                    Filesize

                    16.7MB

                    Download