Analysis

  • max time kernel: 150s
  • max time network: 150s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 05-10-2024 01:44

General

  • Target: b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7.js
  • Size: 455KB
  • MD5: ec7b21746a03ffd34199f1943b74fe5e
  • SHA1: c575de9f5fe3af6b479d6b0eff608ba2cbad2c9a
  • SHA256: b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7
  • SHA512: 581e999de6f8a2fe6083ac2b3688422b7241779d606d0cd48547e2f967ce5e79be0b37bd52a839c68d1c9689e6fe290745c292f808f7b39a3ee462687195466b
  • SSDEEP: 12288:wpJc5fLTwmpBt3bSZoWeA/3nk4I4eTrSfD:wO73lW5

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript (1 TTP)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\wscript.exe (PID: 1204)
    wscript.exe C:\Users\Admin\AppData\Local\Temp\b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7.js
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Java\jre7\bin\javaw.exe (PID: 2808)
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\vnmoneelyl.txt"

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\vnmoneelyl.txt
    Filesize: 209KB
    MD5: 844290ed18eb3b9635b3e8791d8010e4
    SHA1: 9af22c6adb2932835ab50d864e0651229721a0e8
    SHA256: 1d1640fd890d14e7a04a5561136c3d1b4bd35f4de5de923b9af5f1d5a197fbc8
    SHA512: 532f471a23a8b96337147f1d9265d5b1c19df6ae5454667d8a122873e92e8a461d500c244ef2c56acf14ce3e7148f6c9b21b4cf13c63455b08bad36113f00ad8

  • memory/2808-4-0x0000000002550000-0x00000000027C0000-memory.dmp (Filesize: 2.4MB)
  • memory/2808-12-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-19-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-25-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-31-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-36-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-39-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-40-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-41-0x0000000002550000-0x00000000027C0000-memory.dmp (Filesize: 2.4MB)
  • memory/2808-43-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-45-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-47-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-49-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-53-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-57-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-94-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-96-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-100-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)
  • memory/2808-106-0x0000000002040000-0x0000000002041000-memory.dmp (Filesize: 4KB)