Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
21-10-2024 11:15
Static task
static1
Behavioral task
behavioral1
Sample
Solicitação de Cotação.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Solicitação de Cotação.js
Resource
win10v2004-20241007-en
General
-
Target
Solicitação de Cotação.js
-
Size
184KB
-
MD5
29a46a991f69322c414cd76707bf04ae
-
SHA1
0a484d57667361f03619f5e55fc8df61ec48ec6b
-
SHA256
c480fe7adba62a2d2f5b983c88358306ee204d94eedceae5f72e9c8c0c6e701a
-
SHA512
25049793b5c8a2e81562153377bea8182fa0967a55534113a1dce787b985d932f2554964c604348024bf785906d75c8de6b361cb3eb8e4336f24f9ff959b0182
-
SSDEEP
3072:xmc9ypzk6F5Sp8Co92lb5yeCCy3g4PU5wBCuRBx7OEFVxKZlvy+6OnpnbQxwHWku:xRMpQ6F5q8RglQdCyQx14x7OEdYb8wH4
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3056 wrote to memory of 2784 | 3056 | wscript.exe | 31
PID 3056 wrote to memory of 2784 | 3056 | wscript.exe | 31
PID 3056 wrote to memory of 2784 | 3056 | wscript.exe | 31
Processes
-
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Solicitação de Cotação.js"
- Suspicious use of WriteProcessMemory
PID: 3056
    C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hjvzsxluyo.txt"
    PID: 2784
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
92KB
-
MD5
9f529d816bffd28587755104a62e7ffe
-
SHA1
2ced260d71011c450dab5145881fad5460d00edb
-
SHA256
7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f
-
SHA512
ccb1437c4fc7465bfdd62e5a7556a13f2bbebafe73e6c545a0125fe0289e833928b6c9f61ce36102ea107a6054f6ac738fae81ac068555fc500f1df15ac6baab