Analysis

max time kernel: 150s
max time network: 147s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 12-06-2024 01:08

Static task: static1
Behavioral task: behavioral1
Sample: 1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1.js
Resource: win7-20240221-en
General

Target: 1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1.js
Size: 835KB
MD5: a5e17a3b0f562f722011b2025ad1badf
SHA1: e3e8457df8c12a7d76c021851c923fbb3f090257
SHA256: 1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1
SHA512: 23930d5bbdc3336fe5599b39c23de6a1319d2032713866eb8bbcb54c4d91aaf4de296b1fa441b7a6bc17dad2bacedf8fd6ed7a4e0efc81a5fb23726d8c4eee7f
SSDEEP: 768:XQ9KqO+g0ESJoOYHmxzFQi0O7I02iVuUBbS4OPtI0KIr3l9MgkmJ3Eudgis8aidB:XQfRVQgpATGGzIQ1DQ8lU+
Malware Config
Signatures

- Command and Scripting Interpreter: JavaScript (1 TTPs)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        pid   Process      procid_target
  PID 2884 wrote to memory of 2344   2884  wscript.exe  28
  PID 2884 wrote to memory of 2344   2884  wscript.exe  28
  PID 2884 wrote to memory of 2344   2884  wscript.exe  28
Processes

1. C:\Windows\system32\wscript.exe
   Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1.js
   - Suspicious use of WriteProcessMemory
   PID: 2884
   2. C:\Program Files\Java\jre7\bin\javaw.exe
      Command line: "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ntmjuhbjn.txt"
      PID: 2344
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 92KB
MD5: 40324e4190ca694d65c17b8142490c1e
SHA1: 14f8a7fbd6580cc1146a04af95c37b6772bb5215
SHA256: 943a982c65ebf476f6f454a95e4f8105f6c89d3e90d638113f718a208aa51db0
SHA512: 885107f66e0441f1d14ae4f193bcacea831f46872ec74501d82f29af7e51731714acf8a63fce72dac557c20c6cd15d1e77734e3fa443bc28dd3cda5aca22f5b7