Overview

overview

10

Static

static

1

PO#518464.js

windows7-x64

3

PO#518464.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2024 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO#518464.js

  • Size

    458KB

  • MD5

    bad891ad34cea31a079100af2269d1a2

  • SHA1

    5ec553750e242c145483984e6d856cd8a8749fb3

  • SHA256

    25c4220159b9f1acd768415b14403854a8dec47c3d1a1286e75631f60bc54ebf

  • SHA512

    2b95217a632bc953115bf6eb5632fe5476f9b1b6b037edb9fed507d4681784aec3f62e4ba62acec707eca5d507ee29d1e278ff4022dd572f02e2f63790fc6b8f

  • SSDEEP

    6144:HQ79rj8xxZDM9PuwTd51LkiZJsuRnuXtMVDjCWMtZlAgQmXauo72q3Hs5lcflfrC:w9ASJDJkgnRLDjQ3AL2q362C

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\PO#518464.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\kkadtrslq.txt"
      2⤵
        PID:1488

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\kkadtrslq.txt
      Filesize

      209KB

      MD5

      9253a3ae8d339ad044eddacb81295060

      SHA1

      27d8793f419328ea690734e7b5c4c4c1287fad3f

      SHA256

      5269f44114815dbe9d98fbc756da86969b056b4d7362c9c96d8c58dd17be161c

      SHA512

      fca47b36359817e769064f9b8c3d4b36ffa5e6bbba3904f06cb2c3bf7b21fa1332be506b7e45754b6c884d6d2e12da64c3bea66fc15b8baea8312b29578c557c

      Download Submit

    • memory/1488-4-0x0000000002770000-0x00000000029E0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1488-12-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-19-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-27-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-31-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-34-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-42-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-43-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-49-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-64-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-66-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-68-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-70-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-75-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-81-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-98-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1488-142-0x0000000002770000-0x00000000029E0000-memory.dmp

      Filesize

      2.4MB

      Download