Overview

overview

10

Static

static

10

c-users-se...-js.js

windows7-x64

8

c-users-se...-js.js

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 20:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c-users-secretary-appdata-roaming-microsoft-windows-start-menu-programs-startup-jzygdby8m3-js.js

  • Size

    184KB

  • MD5

    e533ffedc8288d2f1038cfc77782d6da

  • SHA1

    f4a78ddfeeac8c36e7b4ece4e7a1341a00ec58cc

  • SHA256

    5896bd105c977d63bbecedff5f1f994e4172429e91f76815131b626e0378204f

  • SHA512

    67dede606baca032763127bc0ede51161eb866c30b92356716741d47dc27d9c0bcdd6dd392235b90ec8b119e847e10204dc29fd7907dcbb472da7fa69217844d

  • SSDEEP

    3072:hp8xbeXigeXajd1LHLLdV60Q0bampZevEzRbURCBeGK/6bbIpklgVDSxGfmuZmUu:hp8xbeXigeXud1LH3dV6zMovRCBeGKWd

Score
8/10
execution

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\c-users-secretary-appdata-roaming-microsoft-windows-start-menu-programs-startup-jzygdby8m3-js.js
    1⤵
    • Blocklisted process makes network request
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads