Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
16-10-2024 15:33
Static task
static1
Behavioral task
behavioral1
Sample
002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
Resource
win10v2004-20241007-en
General
-
Target
002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
-
Size
199KB
-
MD5
aa597f36329d08510090f6340995538a
-
SHA1
096af4879ef8ee00c5e441670f6b3e4a94b010f4
-
SHA256
002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6
-
SHA512
c880c3f2f0d3eb70f39b50f8b5f7307a35f6f52318237f76cee209865f6de7d0c3e869e5697254bbf74f744368847f4af3b9e5fb9a9fd60fb30f15e6b33a3c3f
-
SSDEEP
6144:KQZlI75f7+TvI341Sz+7mgPe0RnX+FJlUR+mxR6LO5BGu+BVvvKBl7EDB0F52fzy:Z8LmB6tD7iFSg
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 432 wrote to memory of 2772 432 wscript.exe 29 PID 432 wrote to memory of 2772 432 wscript.exe 29 PID 432 wrote to memory of 2772 432 wscript.exe 29
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js1⤵
- Suspicious use of WriteProcessMemory
PID:432 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\kdtsxmq.txt"2⤵PID:2772
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD52cc7e15396dc275497fcf51f461da38d
SHA16fa0f11b6d9e3812a86ff1d43a86ad34bfc41062
SHA256e14f1c7e11a1f1ddd570d605e4204a694a7370d603c1b1ca157e505f180ccc48
SHA512daf71473c48f9592d33a49ff2f6d7b84e2c3a992f18a29979494cae86623328f0137c6ae9046cf3bbeb75d90d2a030d1fdbf3aca8718ea769429ce1e6e4a931f