c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-10-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6.js
Size

205KB
MD5

b60592cb963de5d1cb804db6c07dd289
SHA1

20c09f859df663850c5f6ec109bc9a5a2831c022
SHA256

c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6
SHA512

253537ea93ebf4c2decacea5a99ef1b7351d839498f690357a9ce6bc57baf2835b40cc7a7d4819a0e69cdfabea28290c0b6f3ea6c71971ca99967c789a59e251
SSDEEP

3072:DQGJLNtKFO/4xaWihrT5UAE5mZgyFz+OOdBdlsNzsQVmWp7:DQ6/n/WaWiha95bQz+OOjdMzsQVmWZ

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wscript.exe

description	pid	process	target process
PID 2880 wrote to memory of 2744	2880	wscript.exe	javaw.exe
PID 2880 wrote to memory of 2744	2880	wscript.exe	javaw.exe
PID 2880 wrote to memory of 2744	2880	wscript.exe	javaw.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\mqzibkh.txt"
  2⤵
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\mqzibkh.txt

Filesize
92KB

MD5
7b51be77942ed021489dbf24edec3de0

SHA1
87c16cedede053c98a0e8ee17ffbfdeb8525071b

SHA256
489004af1fd6085da359ab80ecce733e9bda9d5f7ddf08edcd5ae38a24826177

SHA512
5590644bcebbebd12d597ab11a5fe6fa584800ca8eda8cea45b5bd5b81bccccc92a1f5362282b74934f68ce5820bb6cd89c5e43cf328445105c42d4367194706

Download Submit
memory/2744-4-0x0000000002250000-0x00000000024C0000-memory.dmp

Filesize
2.4MB

Download
memory/2744-12-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-19-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-26-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-28-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-38-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-39-0x0000000002250000-0x00000000024C0000-memory.dmp

Filesize
2.4MB

Download
memory/2744-55-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-50-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-63-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-84-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-86-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-93-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2744-97-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download