Analysis

  • max time kernel
    133s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 07:46

General

  • Target

    054089924142DE_Mai_09_2019.js

  • Size

    42KB

  • MD5

    f498b52c97166598e564f3354c223740

  • SHA1

    3d0dcae0e2a63796b3042c7940a48495bfbd1a88

  • SHA256

    08324ad1663b948f09fa5c46383575683088ba414169958d1c6230ce336015ae

  • SHA512

    d22dee79e086a323b6267e4540d2ebd7a22a7fe7733ec6d46f115b9a2100ee9d1c654d969c3362a34b684cf7e29b88e28fd89630e7c30a4bfb5b41dafa33c31d

  • SSDEEP

    768:n1u87RUaNI9m3CpKtvkSDgkDWnCDnilnMuppCXyijVvLccIpLZn3NOv4EOmMlOAd:n1u87RUaNIGO2wXaCID8H+1unT7josbX

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\054089924142DE_Mai_09_2019.js
    • Blocklisted process makes network request
    • Checks computer location settings
    PID:1172

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\vl2c51cuw.exe

    Filesize

    15KB

    MD5

    9831d56f861601f50b8e97eae97c4f3b

    SHA1

    a08a888b7b0ab157740c450c10ae87e32dec8ba7

    SHA256

    d08c94f834d5b1c9ec3c2f6572d1a412cbe377ea60ea68d61e2bb4ad6437ad52

    SHA512

    4055147ac2633434bcb0ed1a14f7a446c9da633de6fd2e25257cd09a73a82aa2ab554ab3a2c5b5a65e04067810884789215aca4cc6dd57344a8ebb3529263fbb