4c441c9397b178978fa07b47d0d5ab09f37be8cfc8d496fb2b3404578c4f3af4

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 11:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9-YUB-2019-R83942.js
Size

92KB
MD5

659963d96ffae892090e98b8ffa1ff62
SHA1

0ceff08a48aad18a7494fa151f8aeecc2a4bd1fc
SHA256

783cf5eff1762ca544ba31f17f2100c4ab413aae319384039a2290a231d2cb12
SHA512

7b981944eed7766f2ea3f664471d945eb962ef898bb9d9a3b22d39d4ce72f1be2dd505028d1e632d74dde22ee44a04cad1c28d51b33c4df1d1e16098c92ca42e
SSDEEP

1536:tPa7HhgTqBUVo/dSLi5UBPq9aaMifjPb9GkSXWVJjlq7YTWFLG6HMwm/RE90qyuu:tPIHhgAUq/dSLi5U5q9aaMifjP5GkSXW

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
6	3400	wscript.exe
29	3400	wscript.exe
31	3400	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\9-YUB-2019-R83942.js
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3688,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:8
1⤵
PID:3100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a7aon1f5t.exe

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit