ee9a06d51dfca107de0e2108f829908f42b0d74a83f5977ce4b44f8dae6d40f5 | Triage

Analysis

max time kernel
145s
max time network
164s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10/06/2024, 15:08 UTC

Sharing

Report Analysis Logs

General

Target

Cheat Engine Clean Version/Cheat Engine 7.5 Clean/cheat-engine-7.5/Cheat Engine/autoassembler.js
Size

148KB
MD5

f97c5c2cadacbb821862008139f43188
SHA1

a2954b88da0bffd33911f39965ab8665554ef9a0
SHA256

500dcf78edd95aa2e19cbdfb1cbeea16ce4f51d5ad534c2f462ba51bcd47f387
SHA512

ed80cb2adac402f7140a27218d205f58142d9349e8b37c6933a754295d1f05d05cb968b23072ebfd498be87bed8cf9c2885416e77d8a5998ee62b766daf916cf
SSDEEP

1536:4nns05IHm+f9F+ZrngBgps4WLPMIyHtF8D5OqK0InwHi8IP9M:Ss0zThF8NK0C8IPG

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Cheat Engine Clean Version\Cheat Engine 7.5 Clean\cheat-engine-7.5\Cheat Engine\autoassembler.js"
1⤵
PID:5096

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdwus23.westus.cloudapp.azure.com

onedscolprdwus23.westus.cloudapp.azure.com

IN A

20.189.173.24
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.17.107.203

a767.dspw65.akamai.net

IN A

2.17.107.144
DNS

203.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.107.17.2.in-addr.arpa

IN PTR

Response

203.107.17.2.in-addr.arpa

IN PTR

a2-17-107-203deploystaticakamaitechnologiescom

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

282 B
702 B
4
4

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

20.189.173.24

DNS Request

ctldl.windowsupdate.com

DNS Response

2.17.107.203

2.17.107.144

DNS Request

203.107.17.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads