1d503f8439839103192d3c1649cdfc1d52ee38e9c2a2a34e7a47d1c4310ffe1f

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AMERICAN GROUP.js
Size

5KB
MD5

5be88d052188df8add0940e02e81c7ba
SHA1

f94e8408818fe5537653a25bc30dadd9dd1e274f
SHA256

4858ae3bd1364f5c2246a46b84dc9abc15b1ea5ffc98a15dc5610b976042aea6
SHA512

135e6707323d014de36ed1028ea7a5fd9ca4afcf15f8e5c65dc9bc8b22173f9990e71f1f7be1c693339df48cfb7e3fbc8c9b997b2901069334f4a605ed32c8b7
SSDEEP

96:lkPtC7pMHzQL4hl0m5VqOM/C7yieEPjOQOUQ8CcZJEp6LWQPjwo47f:e879iUCFF9Q8Ccbj94r

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
3	488	wscript.exe
5	488	wscript.exe
6	488	wscript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	pastebin.com
3	pastebin.com

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\AMERICAN GROUP.js"
1⤵
- Blocklisted process makes network request
PID:488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads