Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23-10-2024 00:26
Static task
static1
Behavioral task
behavioral1
Sample
Proofofpayment.js
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Proofofpayment.js
Resource
win10v2004-20241007-en
General
-
Target
Proofofpayment.js
-
Size
199KB
-
MD5
efe96b774d716e94b8ddf67f11799f72
-
SHA1
cebf7446b7712b0be7d4139690413cb0a3ec2926
-
SHA256
cc60fd66292a5edd37d23b5f3928015bd7aefa106df32d27adfe0604564ca682
-
SHA512
795ff59eab0a6d253c5e039e6695d9f00f6e0a13714f311ecb744102c67fdbf5158812b570b7198bdd21349c6a2757ee85101517e71c446e56910f488cccf853
-
SSDEEP
3072:DQ18m6EBIFcNzKF2+uKr0rZvInqhvFm+LeOn6dHihG+KwszDU:DQv6DSNWFUKrOQnqhvFm+0Vio+jR
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2448 wrote to memory of 2272 2448 wscript.exe 30 PID 2448 wrote to memory of 2272 2448 wscript.exe 30 PID 2448 wrote to memory of 2272 2448 wscript.exe 30
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\Proofofpayment.js1⤵
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\htcqhoqc.txt"2⤵PID:2272
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD57b51be77942ed021489dbf24edec3de0
SHA187c16cedede053c98a0e8ee17ffbfdeb8525071b
SHA256489004af1fd6085da359ab80ecce733e9bda9d5f7ddf08edcd5ae38a24826177
SHA5125590644bcebbebd12d597ab11a5fe6fa584800ca8eda8cea45b5bd5b81bccccc92a1f5362282b74934f68ce5820bb6cd89c5e43cf328445105c42d4367194706