Overview

overview

10

Static

static

10

para battl...nce.js

windows7-x64

3

para battl...nce.js

windows10-2004-x64

3

para battl...min.js

windows7-x64

3

para battl...min.js

windows10-2004-x64

3

para battl...xin.js

windows7-x64

3

para battl...xin.js

windows10-2004-x64

3

para battl...ile.js

windows7-x64

3

para battl...ile.js

windows10-2004-x64

3

para battl...dex.js

windows7-x64

3

para battl...dex.js

windows10-2004-x64

3

para battl...DME.js

windows7-x64

3

para battl...DME.js

windows10-2004-x64

3

para battl...enc.js

windows7-x64

3

para battl...enc.js

windows10-2004-x64

3

para battl...cli.js

ubuntu-18.04-amd64

3

para battl...cli.js

debian-9-armhf

4

para battl...cli.js

debian-9-mips

1

para battl...cli.js

debian-9-mipsel

1

para battl...sum.js

windows7-x64

3

para battl...sum.js

windows10-2004-x64

3

para battl...umd.js

windows7-x64

3

para battl...umd.js

windows10-2004-x64

3

para battl...umd.js

windows7-x64

3

para battl...umd.js

windows10-2004-x64

3

para battl...min.js

windows7-x64

3

para battl...min.js

windows10-2004-x64

3

para battl...min.js

windows7-x64

3

para battl...min.js

windows10-2004-x64

3

para battl...ner.js

windows7-x64

3

para battl...ner.js

windows10-2004-x64

3

para battl...ner.js

windows7-x64

3

para battl...ner.js

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-07-2024 16:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    para battly launcher/resources/app/node_modules/chance/docs/chance.js

  • Size

    335KB

  • MD5

    2a7e4cd83751c9fbcac248eab22fc40f

  • SHA1

    9e9ac01dd1208d1b55b6c489b61b2b41ee796561

  • SHA256

    1bc5fb5b5f7b1fb9709a4305b25401cdcf7bb2711e3be545fe5f54682c2a5e24

  • SHA512

    b7ebb6ab03d1dc56eb54c0e01d7ed7b82693f1aebbecfeb671d09d52beee6396589018a1ecbbf0138844aa163ac4d35ff7ab9fda6570febac2ae140f8b641ad3

  • SSDEEP

    3072:0ck3/ju4/kCXEhTfxC/+1J/JjD8HMV1KE+gBvzyPbXrazVsJnpTR3cUWl+85iTLH:0ckvjatfnfwbXra4TsUWl+5H

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\para battly launcher\resources\app\node_modules\chance\docs\chance.js"
    1⤵
      PID:2672
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\UnlockPop.tmp
      1⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\UnlockPop.tmp"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3056
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\UnlockPop.tmp
          3⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1320
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.0.1883102740\771399523" -parentBuildID 20221007134813 -prefsHandle 1276 -prefMapHandle 1256 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50fad2a6-a5d9-419e-86b4-af896f6a791c} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 1372 fef0658 gpu
            4⤵
              PID:1724
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.1.1241080839\1595672085" -parentBuildID 20221007134813 -prefsHandle 1524 -prefMapHandle 1520 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ac02a8-10d0-4d14-b323-acc2982d524e} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 1552 41ed758 socket
              4⤵
              • Checks processor information in registry
              PID:3060
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.2.1779601821\832107413" -childID 1 -isForBrowser -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f5db64a-c5eb-4f5b-96b0-96ef50d49283} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 2140 198af958 tab
              4⤵
                PID:2300
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.3.909270016\786760053" -childID 2 -isForBrowser -prefsHandle 2832 -prefMapHandle 2828 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a07e276b-62b6-490c-8977-3ef2ce216f11} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 2844 1b0dea58 tab
                4⤵
                  PID:1960
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.4.1538510400\100947087" -childID 3 -isForBrowser -prefsHandle 3892 -prefMapHandle 3908 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f34bfb5a-586a-429a-91ad-c385af57a532} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 3916 20121958 tab
                  4⤵
                    PID:308
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.5.153936281\891788307" -childID 4 -isForBrowser -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {806ab7a6-43a5-4cd5-ab41-caa01a2eaef0} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 3984 20122e58 tab
                    4⤵
                      PID:1736
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1320.6.798607094\416773726" -childID 5 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6118b0c1-5fd0-45e9-828f-7d963814d9ea} 1320 "\\.\pipe\gecko-crash-server-pipe.1320" 4164 20122558 tab
                      4⤵
                        PID:1860

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  22f44eb490d7635bb581fc89f992b9c4

                  SHA1

                  b55afd3dae216040376fac8ada179c7d077f0ea3

                  SHA256

                  473e21938ae3793b72878ac7dd82cce159d7251295dff5b457b0f2d1e99018fd

                  SHA512

                  9eb935a8d258d4193128a3a59b355ddba5f752bf5195a530ca8c24cc263dc35793e38ab1b33c7e140db8a26a160fe9ccb770805becd08b7ddaa33f6cc7da9a05

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  f6c71418862aa348621c6dc9480b14db

                  SHA1

                  dfc2a8ce95306aa14e45c5fb9b2184bf434aae4a

                  SHA256

                  c474aa87b3012c1436a7df2083c19ef5323c328153dd3412e568f461e563ad7c

                  SHA512

                  4c240339c85f87c9cf60155e80004d9ee729b3af90589cb02a3283dd31ba7c1e424bebd80c222636d189627dce5f3f89a07b901f1da5766d53148bad1237f13d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\373fdbe3-2367-40a7-899f-952950a41e7d
                  Filesize

                  10KB

                  MD5

                  8c8de6d0ee628197877e1653b54a0e98

                  SHA1

                  eb17dc4812c51e7a036af7f4d5d2caa0e0cfc19d

                  SHA256

                  d850f05243fe2820dcca532829f0a276e151f9f6c02447cfde6a3b692532fac6

                  SHA512

                  ad66eadad0c0544cd8406591a47b139418c0f9f5d125e2081df2ff773efbe8d6f7cef6b78f7e43b898bb30139cd40ce2af10aee38ed8d03a14f8cf472af756ee

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\948fde28-4666-47be-8b10-8c4c436f69c6
                  Filesize

                  745B

                  MD5

                  f6196753e08421593e31e369b6b58fea

                  SHA1

                  24d27ca25cd42888c3c07162e75ba162308b0ad7

                  SHA256

                  9f6ec571c243215d157b971f87641f27515212bc794670ea2a1ae2459f819a97

                  SHA512

                  1f640379cfb0dbcbe427fa68e001da1040c4297a78967e80fd413bd042b0843d19161b2e9722122d20458261ebb59cc3dd3c972b23f77cb56ed8cbaaf2a50a33

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  c719621e6cbe2ff65e7c934ceda9cfc8

                  SHA1

                  e49da8778e84fb87110f0f46f46becfeb6dcc000

                  SHA256

                  ee7e8a9772b7c2189595dd2ce5da01e6ee48331328c5c4d6161b796059a041a4

                  SHA512

                  29c4c905d47378e7354832ba717cc361820ae425604e68d3c991cb5f58a9d3139d819a14b3ba02d9028acc4b1d979d77d763d83aef129109996f0323995eb40e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  8b0bab3295e35275ec0d6996dfc1c61d

                  SHA1

                  5d4399b08801c38151a0907d6b24857cf008bcdb

                  SHA256

                  7eece90b46bb2e9c6007b95454e45fd319d98db0568c01bcf422234b6fd6314a

                  SHA512

                  d499826e026bf3cd82416a5c089213f0b6678cddbca5cd016a6138e7ff6c11b457dc6459a98b99e1c59e2362cd43c840f877210a4d97a59a688b9cf95d2e8ccc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore.jsonlz4
                  Filesize

                  576B

                  MD5

                  b8210d2cad32080d1a6001531a28ac68

                  SHA1

                  7110c134248cb4337341d1bf433ad3629bff0947

                  SHA256

                  237e8bbd1b2f9e24b033d4540a91743227397714fabbcdcd320a47e722e51e91

                  SHA512

                  1b513a897f76e0c52e9295a8d1e954d32795d5971cf9c798497a18f1561d79112ffdc8b743f236519b9730d0f9a7fe01073f3d29f16e8ff605661d0f0c03b911

                  Download Submit