Analysis Overview
SHA256
633d26a1267dba3a067c8d13e63586d5ede386c80116f81cba9fb09fa675d0d1
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Changes its process name
Checks CPU configuration
Command and Scripting Interpreter: JavaScript
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 20:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 20:48
Reported
2024-08-26 21:19
Platform
win11-20240802-en
Max time kernel
1468s
Max time network
1480s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 20:48
Reported
2024-08-26 21:21
Platform
debian9-mipsel-20240729-en
Max time kernel
9s
Max time network
1679s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | V8 WorkerThread | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/cpuinfo | /usr/bin/nodejs | N/A |
Processes
/usr/bin/nodejs
[nodejs /tmp/sample.js]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | debian9-mipsel-20240729-en-5 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240729-en-5 | udp |