2e68fca7ca45cdb7e62e1cbb8619c2d5a5e91253642e4c9a2d68209a61bc76a9

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 20:57

Target

?? ??? ??????????? ??????.jse
Size

5KB
MD5

21edf1a6ae8e0a869aca1890b3e34a97
SHA1

cd19915eb44c6b5d8ec3397db1280bbfbca16435
SHA256

073321b040b9b6820c5701dd61732c1aa88ac7e40687f14c0e37ebd1253211de
SHA512

00c9aeab7a5ce8f2fda77e7a051bc219fc2b9de25cce32deb0073c3bd6cbc3da4a5a61d2c4a2c7b1b85344b82f64a672758ab04d1073f3f19ec1f9c7d30e9a99
SSDEEP

96:ibhKmdpq+b5qwCKSgXRXuOj1u7KJVuSWlf2OqgcC8BtSuV0LeB5W:eppqG5NZSARXuOxuyEplf2Ot8XVFB5W

Score

8^/10

execution

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1128	WScript.exe
7	1128	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\__ ___ ___________ ______.jse"
1⤵
- Blocklisted process makes network request
PID:1128

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact