Overview

overview

3

Static

static

1

api/poll.js

windows7-x64

3

api/poll.js

windows10-2004-x64

3

api/uc.js

windows7-x64

3

api/uc.js

windows10-2004-x64

3

api/新云软件.url

windows7-x64

1

api/新云软件.url

windows10-2004-x64

1

config/con...lt.ps1

windows7-x64

3

config/con...lt.ps1

windows10-2004-x64

3

data/ipdata/index.htm

windows7-x64

3

data/ipdata/index.htm

windows10-2004-x64

1

install/in...on.ps1

windows7-x64

3

install/in...on.ps1

windows10-2004-x64

3

install/in...sql.js

windows7-x64

3

install/in...sql.js

windows10-2004-x64

3

install/index.js

windows7-x64

3

install/index.js

windows10-2004-x64

3

install/update.ps1

windows7-x64

3

install/update.ps1

windows10-2004-x64

3

source/adm...der.js

windows7-x64

3

source/adm...der.js

windows10-2004-x64

3

source/adm...ain.js

windows7-x64

3

source/adm...ain.js

windows10-2004-x64

3

source/adm...ile.js

windows7-x64

3

source/adm...ile.js

windows10-2004-x64

3

source/adm...ll.ps1

windows7-x64

3

source/adm...ll.ps1

windows10-2004-x64

3

source/adm...ex.htm

windows7-x64

3

source/adm...ex.htm

windows10-2004-x64

3

source/cla...ncp.js

windows7-x64

3

source/cla...ncp.js

windows10-2004-x64

3

source/cla...ode.js

windows7-x64

3

source/cla...ode.js

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2024 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    source/admincp/admincp_main.js

  • Size

    11KB

  • MD5

    abefbbf23499bdc8fa0f41fa9e1d0252

  • SHA1

    cde5503cbaec06eb44819ada1db14c8bf0dff744

  • SHA256

    15225e225e7510b6296e9b22031cf26dd18af9fbc49b74eeda6f3b1861b85983

  • SHA512

    4ba3fca65b2abf704cd3fbf920409e64e68a33288d91019e9e0b939277bb4bd283f6eee724b850a8292ea502a25a062fe52939d1f113e072016d870daf480fd2

  • SSDEEP

    192:Iwde4I0/JReqFDO39sAu+czXsNWtM1uXN0PUo7u6I4ounalWgA//m6mLxyh:gf0/JR/W9sAEzXWWtM1yCPUo7GBGalWP

Score
3/10
execution

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\source\admincp\admincp_main.js
    1⤵
      PID:2376

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Command and Scripting Interpreter

    1
    T1059

    JavaScript

    1
    T1059.007

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads