Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-09-2024 05:11

General

  • Target

    VFS/AppData/StealthGuard/node_modules/minipass/index.js

  • Size

    18KB

  • MD5

    6cd6e305cb0922ce5e2e9f68c4df7204

  • SHA1

    1e611c864d9e6a84497d3005a7f6a2cf2f40a8b0

  • SHA256

    d86124188d77d38942ee04b0a79013b942524a9b3f761e6114369a52091794f7

  • SHA512

    6ca059e4d7ecfbdf3639b8c43371a21ec00cfeab3b19383e3f7a9ebae09b4d199020415e499ba04da2b7275cb3a07b65e5c01d1795fea567308bd1c7655c22bd

  • SSDEEP

    384:njFrEMc8CIQrEO5Gpk7qBlWJXxK6+EcX8Pj4x0WpFUAPsBAf7BUNbPCpWI:njFrEcUhK3zFaut

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\VFS\AppData\StealthGuard\node_modules\minipass\index.js
    PID:5080
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\LimitClose.bmp"
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3500
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
      PID:964
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompressAssert.mov"
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:4624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4624-14-0x00007FFE179C0000-0x00007FFE179F4000-memory.dmp
    Filesize: 208KB
  • memory/4624-13-0x00007FF77B2A0000-0x00007FF77B398000-memory.dmp
    Filesize: 992KB
  • memory/4624-15-0x00007FFE02A00000-0x00007FFE02CB6000-memory.dmp
    Filesize: 2.7MB
  • memory/4624-16-0x00007FFE01590000-0x00007FFE02640000-memory.dmp
    Filesize: 16.7MB