2c9aed573b4e284f47a691470acacacba2fda9f95381fb093037310889ed7d73

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rechnungs_Details_2728242565DE_Mai_10_2019.js
Size

4KB
MD5

8f4c4b1aeab1b8a5cea66beef22a8da3
SHA1

8fb18d29bedbcfa680dcf6cfe9e197adf64e474c
SHA256

9cc55391cab46feb884731f30349d70a8db8db242a5eebdd45fcbbc3f00bf404
SHA512

ab83142c6b918890c80fecbbcd2304b8c49c4ad95eaa15589d6d01e823558de9e765e723bdee33d7e7908512040297592f549e6be76ab1fb46c79882a7e8d70c
SSDEEP

48:FFpkFSuOGEyMAEti7h2hPEfEDtXZpzKHFIqgAiRZnTLAs6ueL/k/kVB3EiVPmv0r:FfjpOh2GfExqg/gjscpPmNa

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
6	2060	wscript.exe
8	2060	wscript.exe
11	2060	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Rechnungs_Details_2728242565DE_Mai_10_2019.js
1⤵
- Blocklisted process makes network request
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads