835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3.js
Size

455KB
MD5

e6c000051f40808e93931bfdf2c5256e
SHA1

d4777746ee558788c4d22c68df4ad699dcc2cd14
SHA256

835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3
SHA512

da811bbdbbc7bb5c52fdfd6d902af0b5e7c7e1d139db399adcb8eb3bc6530f111548eaa091850f923d05ceb8b15f636a637b402cb9d2d8763a309e9f0891c25c
SSDEEP

12288:wCcDYnaA2meIGJZakKOeZbZV0aJGeORhYj5AbaQW5Io9ST7:wDYh2mQakKpP9KOJU

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wscript.exe

description	pid	Process	procid_target
PID 2112 wrote to memory of 2172	2112	wscript.exe	30
PID 2112 wrote to memory of 2172	2112	wscript.exe	30
PID 2112 wrote to memory of 2172	2112	wscript.exe	30

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\xjsmgnzatj.txt"
  2⤵
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\xjsmgnzatj.txt

Filesize
209KB

MD5
9253a3ae8d339ad044eddacb81295060

SHA1
27d8793f419328ea690734e7b5c4c4c1287fad3f

SHA256
5269f44114815dbe9d98fbc756da86969b056b4d7362c9c96d8c58dd17be161c

SHA512
fca47b36359817e769064f9b8c3d4b36ffa5e6bbba3904f06cb2c3bf7b21fa1332be506b7e45754b6c884d6d2e12da64c3bea66fc15b8baea8312b29578c557c

Download Submit
memory/2172-4-0x0000000002520000-0x0000000002790000-memory.dmp

Filesize
2.4MB

Download
memory/2172-12-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-19-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-26-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-34-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-37-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-39-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-46-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-65-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-70-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-72-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-73-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-77-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-95-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2172-142-0x0000000002520000-0x0000000002790000-memory.dmp

Filesize
2.4MB

Download