94f7bb1f4a23e922b70ae87edd21664b885145c71a619e408fdc246b5de31233

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Группа Компаний ПИК подробности заказа.jse
Size

6KB
MD5

b4a607c686cd11dc0b8870d92424812d
SHA1

3e8c836ce13cbff2a1f013a41b684c5f82e34034
SHA256

2a006763fef6dd14c624c37c4d12f8e5c8d491bd04f5d3f31f8dbbf077d2596b
SHA512

4a74cd3e689e3b33f2258d9e601cbb1481bbeb37097f62fbf890d380a37e8ea86889f347e1164d7772fbf1b8a7d91d8be986b6dfd4b79b14a5e109e7c04b80c7
SSDEEP

96:WY7jjB1LBwLGpfqwX4aDsqZMUvpKjZWLOZMQkIUARj1aZPfD8WmrmlCUM:W+j5wLsn4aDaQp2ZWL6p9qZj8hylzM

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
4	3992	WScript.exe
8	3992	WScript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\Группа Компаний ПИК подробности заказа.jse"
1⤵
- Blocklisted process makes network request
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...