4c441c9397b178978fa07b47d0d5ab09f37be8cfc8d496fb2b3404578c4f3af4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9-YUB-2019-R83942.js
Size

92KB
MD5

659963d96ffae892090e98b8ffa1ff62
SHA1

0ceff08a48aad18a7494fa151f8aeecc2a4bd1fc
SHA256

783cf5eff1762ca544ba31f17f2100c4ab413aae319384039a2290a231d2cb12
SHA512

7b981944eed7766f2ea3f664471d945eb962ef898bb9d9a3b22d39d4ce72f1be2dd505028d1e632d74dde22ee44a04cad1c28d51b33c4df1d1e16098c92ca42e
SSDEEP

1536:tPa7HhgTqBUVo/dSLi5UBPq9aaMifjPb9GkSXWVJjlq7YTWFLG6HMwm/RE90qyuu:tPIHhgAUq/dSLi5U5q9aaMifjP5GkSXW

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
7	2872	wscript.exe
12	2872	wscript.exe
14	2872	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\9-YUB-2019-R83942.js
1⤵
- Blocklisted process makes network request
PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads