Malware Analysis Report

2024-10-23 16:11

Sample ID 241008-v9rc3axdjq
Target Update.js
SHA256 a05933c299a81badef96fd575ff0f7d934c3edaf0f7478e897a2299f1ef8f11e
Tags
execution
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a05933c299a81badef96fd575ff0f7d934c3edaf0f7478e897a2299f1ef8f11e

Threat Level: Likely malicious

The file Update.js was found to be: Likely malicious.

Malicious Activity Summary

execution

Blocklisted process makes network request

Command and Scripting Interpreter: JavaScript

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-08 17:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-08 17:41

Reported

2024-10-08 18:12

Platform

win11-20241007-en

Max time kernel

1508s

Max time network

1480s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Update.js

Signatures

Blocklisted process makes network request

Description  Indicator  Process                          Target
N/A          N/A        C:\Windows\system32\wscript.exe  N/A
N/A          N/A        C:\Windows\system32\wscript.exe  N/A
N/A          N/A        C:\Windows\system32\wscript.exe  N/A
N/A          N/A        C:\Windows\system32\wscript.exe  N/A

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Update.js

Network

Country  Destination          Domain                       Proto
US       8.8.8.8:53           ggoryo.com                   udp
US       77.83.199.112:443    ggoryo.com                   tcp
US       8.8.8.8:53           8.8.8.8.in-addr.arpa         udp
US       8.8.8.8:53           112.199.83.77.in-addr.arpa   udp
GB       2.23.210.82:80       r11.o.lencr.org              tcp
US       150.171.27.10:443    tse1.mm.bing.net             tcp
US       150.171.27.10:443    tse1.mm.bing.net             tcp
US       150.171.27.10:443    tse1.mm.bing.net             tcp
US       150.171.27.10:443    tse1.mm.bing.net             tcp
US       150.171.27.10:443    tse1.mm.bing.net             tcp

Files

N/A