18d2e95dcfbff23a6436cdcd4a59a62f4edec3654e0a035cd203533c8c59e4ac

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

F_4600007_04242019.js
Size

26KB
MD5

dc325decfb873739d6c09055b09fc043
SHA1

50dfe46b30f8dee35bc6f1285138e3dd631165ee
SHA256

f9a3d8d2568059bff0da6d27fe8d474fa8dc1c0f97c24433f2fd9caed3594b0f
SHA512

3a468cb4ad8ebc69cd53891868949856bd5877b72191bcc500b097bd2e090ee326ca8ef82b6f0d69f9296ab79091c57788d09f905f9b8eefd87a34af3aad341f
SSDEEP

768:/mpSpUgP3uPJSNRAyMLNhRKl0TSGkFDbLKXyAXStfwzrR2nr2IT1JRT2xML1i7GS:OpSpUgP3kSNJMLAqqo

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 14 IoCs

Processes:

wscript.exe

flow	pid	process
5	2236	wscript.exe
6	2236	wscript.exe
8	2236	wscript.exe
10	2236	wscript.exe
12	2236	wscript.exe
39	2236	wscript.exe
41	2236	wscript.exe
50	2236	wscript.exe
52	2236	wscript.exe
53	2236	wscript.exe
54	2236	wscript.exe
68	2236	wscript.exe
70	2236	wscript.exe
72	2236	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wscript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\F_4600007_04242019.js
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:2236

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xw2l7glhu.exe
Filesize
46KB

MD5
b9d757b3c7cb694865ea174a895caa2e

SHA1
5c9dc9cee9f7cb155fc6eed0f88d4d1099301157

SHA256
3d614fd17cc98a365fcade36cfb9fdab672fde00b0c051fd12dc618fb742d193

SHA512
d0fce96a5ac58c4c508a685be856e2ae87027f34174b9a2a461c14a9262b07505bf30bdb82a543b9dffb2045b3e6b6666f6b18de20348617bdab0b9708f6c4c1

Download Submit