f78402ac5f696919d453f3195e3db802c1effee29505729692edf7194055ce21

Analysis

max time kernel
95s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01052019-02DC42822-4895690A.js
Size

46KB
MD5

d7b20b2cf020a260c97cd1493a94fc51
SHA1

4a903fba618b31f5159474c9e1b8b8826712b4d6
SHA256

aeeb4d50eedd8fd602417c1d59e0d0b6b3d08c4d8045eae9b69e3b1777048062
SHA512

d7f839e473566c82a6d34b4baf96f28a04c0bfbfd09ecdcce860412f9b912dba761d9acccd542ab0a6d2ab4b415b01e8bd1ea84ce697dddf5a6245887b6ce005
SSDEEP

768:pwkZXi7LIcEf8HSLiFV2kBY0jKj390jVImehVTu2xA2uRx6LN3A+m4T+uUghMNF6:ppi7LIcEf8HSLiFV2kB7jKjSam4dUuaC

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
8	3384	wscript.exe
10	3384	wscript.exe
15	3384	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\01052019-02DC42822-4895690A.js
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dz5qrihur.exe

Filesize
67KB

MD5
d88485415b3f8a05fed278ce04bd23ca

SHA1
824ce50f3bd5ebe0e3627b5cc9ef87fbd90a430d

SHA256
4fed46e9717d13ac9b3edb6867f73da0f62d23032ad9ffd510362e94f0768431

SHA512
ae1d6b4f7bc86a9ab2dc4a22ac5d3467d6820f582a819aec1708e2be0f36c58a3a0e3e5b20646258d3ddaef5bf6a3020fddf87c7e0caf51ac729063153f29038

Download Submit