7827a371a9ee2665af0b85718acd37162461dbdc6142feeae06e9eb79ba19293

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

L-730291-04242019.js
Size

30KB
MD5

d8dd72216bd060322ac46c7257740ffb
SHA1

7fda43b576dbdce7861163ee564b25cf6eb5ddd6
SHA256

fefeae81b80a964d3c5ea9071faa2c207766e7b929a15049a4aa2087e56684da
SHA512

33ec8c9a52e27e626e90ca88e285b1c9f007a9b2548ae55e104470f751e60653c7e4bcc6c3b3a6f12ad1d88f9e4356bc219b32ac9e6c23636b15aaed7b699813
SSDEEP

768:yV+kwj15VdeIkjjSLT5uJT5BkMkqzB35xIkPVeJMXFpB6X88QjfsCE4F8kuF8vf3:yV+kAVdeIkjjST5uJEMkqzd5xvIChSF2

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
2	1204	wscript.exe
19	1204	wscript.exe
20	1204	wscript.exe
22	1204	wscript.exe
26	1204	wscript.exe
28	1204	wscript.exe
29	1204	wscript.exe
31	1204	wscript.exe
34	1204	wscript.exe
36	1204	wscript.exe
38	1204	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\L-730291-04242019.js
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\eo5skjbal.exe

Filesize
1KB

MD5
6a21077a9975c496965893d9619e5df3

SHA1
9ceca1dcba41975588cb73583e958e858452e7b0

SHA256
81d2664cec2465b299bf715cc179618e5b26c437e9cba66e7ca24f8232883e43

SHA512
6171cbc689b57629fa6ae569ed536c782d6eb026027ee3d98dc7499228cb5242f7c7633d822402a6852f7cf9498942e150fa5105888fbf81450f79bab5a70fb8

Download Submit