Analysis Overview
score
8/10
SHA256
a05933c299a81badef96fd575ff0f7d934c3edaf0f7478e897a2299f1ef8f11e
Threat Level: Likely malicious
The file Update.js was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Command and Scripting Interpreter: JavaScript
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-08 17:41
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-08 17:41
Reported
2024-10-08 18:12
Platform
win11-20241007-en
Max time kernel
1508s
Max time network
1480s
Command Line
wscript.exe C:\Users\Admin\AppData\Local\Temp\Update.js
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Update.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ggoryo.com | udp |
| US | 77.83.199.112:443 | ggoryo.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.199.83.77.in-addr.arpa | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
N/A