99b6692bedd84a5e92e3d7a9f24c826d913c31dfd55ca89bf6eee67f20ee221f

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AMERICAN GROUP.js
Size

5KB
MD5

709df3d382b86fffeda0e0c534206ec1
SHA1

570e38194e3d5e977af449ca2fe1ef9f05b9c7de
SHA256

ca5a213e123d830ad88e6eb9da341326fa6ea6c5bb535069406f9454b5aecccc
SHA512

8e6d6a7038ae9f3edcec8b2bdbb536f356fe565b11f6114fc06425a1e1efeaa84693e2750d3b4a843daccb799bfc37b8a6b0fd3d8296c43909174b5179ae2365
SSDEEP

96:XHSZyZ020gtthyohPx1MMEqzHQH0TqfpkIiup77jIf:i/dyU4I370

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
3	2184	wscript.exe
5	2184	wscript.exe
6	2184	wscript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	pastebin.com
3	pastebin.com

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\AMERICAN GROUP.js"
1⤵
- Blocklisted process makes network request
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads