5709dc35796f2a91483860820770e74dead9f01eaf2433832016fdacd2eed209

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5709dc35796f2a91483860820770e74dead9f01eaf2433832016fdacd2eed209.js
Size

453KB
MD5

f04f4fb3190c6cd423a4d84cf521cf65
SHA1

9d11423067f7e004d14a3803b3fe2ee046ab3dfd
SHA256

5709dc35796f2a91483860820770e74dead9f01eaf2433832016fdacd2eed209
SHA512

6bf28689632f5c7f8a19e03e3d2efd7af34f6d6d73f8f78c4b5ae97f7af051e85cbaac40640334cfe089337aa0c5388a11ad4e7a71e98841ea67585c710c1162
SSDEEP

12288:woWNEiYoNEy3ND5k6XrhqncWkhLPDS430IR:w4SR5xbWkhLN30s

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2256	1060	wscript.exe	30
PID 1060 wrote to memory of 2256	1060	wscript.exe	30
PID 1060 wrote to memory of 2256	1060	wscript.exe	30

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\5709dc35796f2a91483860820770e74dead9f01eaf2433832016fdacd2eed209.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\osspqkjajn.txt"
  2⤵
  PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\osspqkjajn.txt

Filesize
209KB

MD5
337db9434c13692b630511cb9a09ac0c

SHA1
414b08bda16868e47eac31909befbb5ae8bdd658

SHA256
ade8c69bb2bfdf28b1f39c37f0409788e0a3cd41e68838ea7b642f998ff3fd4d

SHA512
9fa7f3b07a5de778dc1db202c5880c331a1c975f2bb0f40659c4f6f173326643c8cb3516fc260e458dd8d62b5eac2c5acad1a54db20d8b092c38f09ef86b3b7c

Download Submit
memory/2256-4-0x00000000024F0000-0x0000000002760000-memory.dmp

Filesize
2.4MB

Download
memory/2256-12-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-19-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-27-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-36-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-46-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-56-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-58-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-62-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-64-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-65-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-67-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-100-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-115-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-117-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2256-235-0x00000000024F0000-0x0000000002760000-memory.dmp

Filesize
2.4MB

Download