Overview

overview

10

Static

static

1

ZILCORP_POP.js

windows7-x64

3

ZILCORP_POP.js

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24-06-2024 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ZILCORP_POP.js

  • Size

    424KB

  • MD5

    228ffb4e92fdb79da09e379168d28b7d

  • SHA1

    00ab295a54b2a2892dc9a178be819c8cf6648ed0

  • SHA256

    93b921e53498e0ce61fa8740e083f55a10d72b0b9a406cdb05a9860ffcc94eb9

  • SHA512

    6c3c76b0294a9a5ac2c55f03c0524d9ac5a037c5f374c1a80aa6e15d6f4f1068b65d9db0460e5d37becb06709c414c3f2c81060d76dbf7077fc46330f1b066c9

  • SSDEEP

    6144:XQqj5e5byQl5AQE/fGn+Z+8sE1mTzJh2gIABvxOsMUURJNOkk52dUe:g3VlS2+4vKCzbtB5Os/r2dUe

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\ZILCORP_POP.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\wtcwghzm.txt"
      2⤵
        PID:2968

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\wtcwghzm.txt
      Filesize

      202KB

      MD5

      4c6cadc27c84e3c1cc0e0a02eedf70b4

      SHA1

      6744f248d56276d11eb2a4b72e0bf83b56088510

      SHA256

      ea567fa68562fae02b4ca07fb22a4aab17a2970b2083c4fe65a5bad3a9324dd4

      SHA512

      f14f1ef647b573fa016b5fb84130a18018814a00c31ce9f48dc2e701cbd693ca1655f2d76905f3cd89cdf84927708c5abefc58561991701e8028da0f927a6be3

      Download Submit

    • memory/2968-4-0x0000000002670000-0x00000000028E0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2968-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-29-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-34-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-41-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-43-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-45-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-52-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-55-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-59-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-64-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-90-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-98-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-101-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-103-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-252-0x0000000002670000-0x00000000028E0000-memory.dmp

      Filesize

      2.4MB

      Download