Overview

overview

10

Static

static

1

PO#518463.js

windows7-x64

3

PO#518463.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-09-2024 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO#518463.js

  • Size

    453KB

  • MD5

    f04f4fb3190c6cd423a4d84cf521cf65

  • SHA1

    9d11423067f7e004d14a3803b3fe2ee046ab3dfd

  • SHA256

    5709dc35796f2a91483860820770e74dead9f01eaf2433832016fdacd2eed209

  • SHA512

    6bf28689632f5c7f8a19e03e3d2efd7af34f6d6d73f8f78c4b5ae97f7af051e85cbaac40640334cfe089337aa0c5388a11ad4e7a71e98841ea67585c710c1162

  • SSDEEP

    12288:woWNEiYoNEy3ND5k6XrhqncWkhLPDS430IR:w4SR5xbWkhLN30s

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\PO#518463.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\zwquutoh.txt"
      2⤵
        PID:2708

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\zwquutoh.txt
      Filesize

      209KB

      MD5

      337db9434c13692b630511cb9a09ac0c

      SHA1

      414b08bda16868e47eac31909befbb5ae8bdd658

      SHA256

      ade8c69bb2bfdf28b1f39c37f0409788e0a3cd41e68838ea7b642f998ff3fd4d

      SHA512

      9fa7f3b07a5de778dc1db202c5880c331a1c975f2bb0f40659c4f6f173326643c8cb3516fc260e458dd8d62b5eac2c5acad1a54db20d8b092c38f09ef86b3b7c

      Download Submit

    • memory/2708-35-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-26-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-19-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-12-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-4-0x0000000002690000-0x0000000002900000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2708-41-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-50-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-54-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-56-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-92-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-237-0x0000000002690000-0x0000000002900000-memory.dmp

      Filesize

      2.4MB

      Download