General
-
Target
08112024_0043_RECHN__3778.js.zip
-
Size
11KB
-
Sample
241108-a3d4ya1fqe
-
MD5
902c82b942cd436ba36383d92b0d519b
-
SHA1
1ec9b206b3492b4cdc20949ac67005b911f312f8
-
SHA256
8151a20772ce49a7c2a494fe5a4efe75ec6d0edc38ace49ddec1c027e36ddde8
-
SHA512
22299c0949b51106e17ee1b94cc81156421d8790430cb98f1e0a33fe0f177f645604b6f81ea72ccaf0b1a4b7bc1e00da19b13cac216ed193bae26820b30da897
-
SSDEEP
192:9C+hVJrSQ0bgkMnXH179aWZjZYGFvG0xHh8h+VABVBb5uvPdlvipc:99tP0bgkA1HjZYG1G0xeh+OBVBgHl
Static task
static1
Behavioral task
behavioral1
Sample
RECHN__3778.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RECHN__3778.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
RECHN__3778.js
-
Size
11KB
-
MD5
622ed073989d08a15dc77c40cb8a3ed1
-
SHA1
1b8d364b5ef571c306bc00697f10456b3c48b5ed
-
SHA256
547943260e1cc19a3bb9535a712c05ec2fa2dba38c2db10541c146a3df77c687
-
SHA512
82d01b51720b0a27312141d70f89d416fe0039e178cd0d04df8c01c78578f466eddcfaf62369f4d70d647ed4d0e41e5a920dad65266d3503074ec143ffe98c85
-
SSDEEP
192:AC+hVJrSQ0bgkMnXH179aWZjZYGFvG0xHh8h+VABVBb5uvPdlvipv:A9tP0bgkA1HjZYG1G0xeh+OBVBgHC
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Boot or Logon Autostart Execution: Authentication Package
Suspicious Windows Authentication Registry Modification.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Authentication Package
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
2Authentication Package
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1