Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
30-05-2024 03:25
Static task
static1
Behavioral task
behavioral1
Sample
4ed0b23797cd71aaf3dd2ecb91211fffadad14b77c4f10812f2ce32e05b58709.js
Resource
win7-20240220-en
General
-
Target
4ed0b23797cd71aaf3dd2ecb91211fffadad14b77c4f10812f2ce32e05b58709.js
-
Size
857KB
-
MD5
edaaa3cafcede4a37ebd20a66186a1d6
-
SHA1
7013756895e02f1b05262aae29bbb95880ec683f
-
SHA256
4ed0b23797cd71aaf3dd2ecb91211fffadad14b77c4f10812f2ce32e05b58709
-
SHA512
bf42d14e1d3fe81dac16650490246aa3e6fd60bba25b77e8740e890643e99de645a84b6dae4095622022074969ab4c5532b233ff184b30b42d2e7546765d775b
-
SSDEEP
6144:XQ9qyW7HvTqAaoSW6KaUOAhTPhmyfoWhqfoFPBwgoTXGdSj7lJq/mpt5eWIQNy1d:go
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
wscript.exedescription pid Process procid_target PID 2872 wrote to memory of 2520 2872 wscript.exe 28 PID 2872 wrote to memory of 2520 2872 wscript.exe 28 PID 2872 wrote to memory of 2520 2872 wscript.exe 28
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\4ed0b23797cd71aaf3dd2ecb91211fffadad14b77c4f10812f2ce32e05b58709.js1⤵
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\rkwapbz.txt"2⤵PID:2520
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD52cc7e15396dc275497fcf51f461da38d
SHA16fa0f11b6d9e3812a86ff1d43a86ad34bfc41062
SHA256e14f1c7e11a1f1ddd570d605e4204a694a7370d603c1b1ca157e505f180ccc48
SHA512daf71473c48f9592d33a49ff2f6d7b84e2c3a992f18a29979494cae86623328f0137c6ae9046cf3bbeb75d90d2a030d1fdbf3aca8718ea769429ce1e6e4a931f