Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 05-10-2024 01:44
- Static task: static1
- Behavioral task: behavioral1
  Sample: b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7.js
  Resource: win7-20240903-en
- Behavioral task: behavioral2
  Sample: b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7.js
  Resource: win10v2004-20240802-en
General
- Target: b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7.js
- Size: 455KB
- MD5: ec7b21746a03ffd34199f1943b74fe5e
- SHA1: c575de9f5fe3af6b479d6b0eff608ba2cbad2c9a
- SHA256: b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7
- SHA512: 581e999de6f8a2fe6083ac2b3688422b7241779d606d0cd48547e2f967ce5e79be0b37bd52a839c68d1c9689e6fe290745c292f808f7b39a3ee462687195466b
- SSDEEP: 12288:wpJc5fLTwmpBt3bSZoWeA/3nk4I4eTrSfD:wO73lW5
Malware Config
Signatures
- Command and Scripting Interpreter: JavaScript (1 TTP)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                          pid   Process      procid_target
  PID 1204 wrote to memory of 2808     1204  wscript.exe  30
  PID 1204 wrote to memory of 2808     1204  wscript.exe  30
  PID 1204 wrote to memory of 2808     1204  wscript.exe  30
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7.js
  PID: 1204
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Java\jre7\bin\javaw.exe (child of wscript.exe)
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\vnmoneelyl.txt"
    PID: 2808
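The process tree is the detectable part of this sample: wscript.exe, running the submitted .js, hands a file with a .txt extension under AppData\Roaming to javaw.exe -jar. The Python below is an added example and not part of the sandbox report. It encodes that parent/child/argument pattern as a detection over constructed Sysmon-style process-creation events, and shows the first triage step on the dropped file: confirming that whatever was passed to -jar is really a zip archive and reading its Main-Class from the manifest. The events, the in-memory archive, the class name loader.Main and the vendor name ExampleTool are all constructed for illustration; the real contents of vnmoneelyl.txt are not on this page.

```python
"""Triage helpers for a script-host -> Java launcher chain like the one above.

Added example, not part of the sandbox report. The Sysmon-style events and the
in-memory "JAR" are constructed stand-ins; the dropped file's real contents are
not on the page.
"""
import io
import re
import zipfile
from pathlib import PureWindowsPath

# Windows Script Host binaries that should rarely be the parent of a JVM.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
JAVA_LAUNCHERS = {"javaw.exe", "java.exe"}
# Matches   -jar "C:\path with spaces\x.txt"   or   -jar C:\path\x.jar
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def is_suspicious_java_launch(parent_image: str, image: str, command_line: str):
    """Return a finding when a script host starts java(w).exe with -jar and the
    jar argument looks wrong (non-.jar extension, user-profile location).
    Returns None when the rule does not fire."""
    parent = PureWindowsPath(parent_image).name.lower()
    child = PureWindowsPath(image).name.lower()
    if parent not in SCRIPT_HOSTS or child not in JAVA_LAUNCHERS:
        return None
    m = JAR_ARG.search(command_line)
    if not m:
        return None
    jar_path = PureWindowsPath(m.group(1) or m.group(2))
    reasons = []
    if jar_path.suffix.lower() != ".jar":
        reasons.append(f"jar argument has extension {jar_path.suffix or '(none)'}, not .jar")
    lowered = str(jar_path).lower()
    if "\\appdata\\" in lowered or "\\temp\\" in lowered:
        reasons.append("jar argument lives under the user profile (AppData/Temp)")
    return {"parent": parent, "jar": str(jar_path), "reasons": reasons}


def triage_events(events):
    """Run the rule over Sysmon Event ID 1-like dicts; return only the hits."""
    hits = []
    for ev in events:
        finding = is_suspicious_java_launch(ev["ParentImage"], ev["Image"], ev["CommandLine"])
        if finding:
            finding["pid"] = ev["ProcessId"]
            hits.append(finding)
    return hits


# Constructed events. The first mirrors the process tree in the report; the
# second is a benign launch from Program Files; the third has a cmd.exe parent,
# which this rule deliberately does not cover.
SAMPLE_EVENTS = [
    {"ProcessId": 2808,
     "ParentImage": r"C:\Windows\system32\wscript.exe",
     "Image": r"C:\Program Files\Java\jre7\bin\javaw.exe",
     "CommandLine": r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\vnmoneelyl.txt"'},
    {"ProcessId": 4120,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Java\jre7\bin\javaw.exe",
     "CommandLine": r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Program Files\ExampleTool\tool.jar"'},
    {"ProcessId": 5001,
     "ParentImage": r"C:\Windows\system32\cmd.exe",
     "Image": r"C:\Program Files\Java\jre7\bin\java.exe",
     "CommandLine": r'java.exe -jar C:\Users\Admin\AppData\Local\Temp\x.dat'},
]


def build_sample_jar() -> bytes:
    """Constructed stand-in for the dropped .txt: a minimal JAR (zip) whose
    manifest names a Main-Class. Not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: loader.Main\r\n\r\n")
        zf.writestr("loader/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # class-file magic only
    return buf.getvalue()


def inspect_jar_candidate(data: bytes) -> dict:
    """A .txt handed to -jar must be a zip. Confirm the PK local-header
    signature, then list entries and the Main-Class where execution starts."""
    if not data.startswith(b"PK\x03\x04"):
        return {"is_zip": False, "entries": [], "main_class": None}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        main_class = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.lower().startswith("main-class:"):
                    main_class = line.split(":", 1)[1].strip()
    return {"is_zip": True, "entries": names, "main_class": main_class}


if __name__ == "__main__":
    for hit in triage_events(SAMPLE_EVENTS):
        print(f"PID {hit['pid']}: {hit['parent']} -> -jar {hit['jar']}; " + "; ".join(hit["reasons"]))
    print(inspect_jar_candidate(build_sample_jar()))
```

Only the wscript.exe event fires; the cmd.exe launch of a .dat from Temp does not, because the rule keys on Windows Script Host parents. Widen SCRIPT_HOSTS (mshta.exe, powershell.exe) or drop the parent check and rely on the extension/location reasons alone if that gap matters in your environment. The hard-coded jre7 path only matters for the win7 run shown here; the rule matches on the image file name, so it applies equally to the win10 behavioral task.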
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 209KB
  MD5: 844290ed18eb3b9635b3e8791d8010e4
  SHA1: 9af22c6adb2932835ab50d864e0651229721a0e8
  SHA256: 1d1640fd890d14e7a04a5561136c3d1b4bd35f4de5de923b9af5f1d5a197fbc8
  SHA512: 532f471a23a8b96337147f1d9265d5b1c19df6ae5454667d8a122873e92e8a461d500c244ef2c56acf14ce3e7148f6c9b21b4cf13c63455b08bad36113f00ad8