f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d203f78cc5f04d

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-10-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d203f78cc5f04d.js
Size

750KB
MD5

0bbebce60f58abbcc864f8baf65849ba
SHA1

dbab3d6f8c0c56ea0f463696b651aa3e93f5b19f
SHA256

f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d203f78cc5f04d
SHA512

a92928cec757ffb23b40ed60238dc5c214e0d930611c2bd52ddc39430cc7e421790373f205d6116b35d913974a74119fb8b671b31815889f032e033b25e800c1
SSDEEP

6144:DJc1zD8NUnXksQva1bZ1if4Crl4RMoo2GOOuZHvOHuQtEEOBOS09cH8Gxk5ovWew:T3

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wscript.exe

description	pid	process	target process
PID 2308 wrote to memory of 2000	2308	wscript.exe	javaw.exe
PID 2308 wrote to memory of 2000	2308	wscript.exe	javaw.exe
PID 2308 wrote to memory of 2000	2308	wscript.exe	javaw.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d203f78cc5f04d.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\dbxlupbo.txt"
  2⤵
  PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\dbxlupbo.txt

Filesize
88KB

MD5
c00501fc6a943e9212f1d0fd93235daa

SHA1
8ce6b95d7fac24cbb66ab2432dd9d90668c485a9

SHA256
fa454076cf36fe6868d54215ebb345cd9d6c8423fa9bd9f0bd56df9074915215

SHA512
d98364f960cf22f2766404c6311487eb73ecc59ab610dde8549462c93a00b69245b035ec5061ff180eb001ed582c2fae385444a0a787eee3471d9c07beaa3a28

Download Submit
memory/2000-4-0x00000000026A0000-0x0000000002910000-memory.dmp

Filesize
2.4MB

Download
memory/2000-12-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-19-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-23-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-27-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-28-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-30-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-32-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-34-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-38-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-39-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-42-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-46-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-49-0x00000000026A0000-0x0000000002910000-memory.dmp

Filesize
2.4MB

Download
memory/2000-55-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-56-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-61-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-86-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2000-92-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download