General
-
Target
08112024_0046_TRRECHN_3641.js.zip
-
Size
11KB
-
Sample
241108-a4lv6s1fnj
-
MD5
7c0b61635c612491ede7d1520b32e75c
-
SHA1
2edcc26f7f4f5b83399753b118b63ae897f10c00
-
SHA256
c13e647888ffccd327364dfc27119e95cfcf8b3e8c1ea0a047a5d32849f95606
-
SHA512
f713247659d8857c1fa8fabd05595c8a9e50339d26a440ee5b2c464b4b97e6522c9fed9d67a48bf3b8a888c1cf074aeebe913f1fc77a20309f5b783accc3d2a7
-
SSDEEP
192:ROC+hVJrSQ0bgkMnXH179aWZjZYGFvG0xHh8h+VABVBb5uvPdlvipGy:s9tP0bgkA1HjZYG1G0xeh+OBVBgHI
Static task
static1
Behavioral task
behavioral1
Sample
TRRECHN_3641.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
TRRECHN_3641.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
TRRECHN_3641.js
-
Size
11KB
-
MD5
622ed073989d08a15dc77c40cb8a3ed1
-
SHA1
1b8d364b5ef571c306bc00697f10456b3c48b5ed
-
SHA256
547943260e1cc19a3bb9535a712c05ec2fa2dba38c2db10541c146a3df77c687
-
SHA512
82d01b51720b0a27312141d70f89d416fe0039e178cd0d04df8c01c78578f466eddcfaf62369f4d70d647ed4d0e41e5a920dad65266d3503074ec143ffe98c85
-
SSDEEP
192:AC+hVJrSQ0bgkMnXH179aWZjZYGFvG0xHh8h+VABVBb5uvPdlvipv:A9tP0bgkA1HjZYG1G0xeh+OBVBgHC
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Boot or Logon Autostart Execution: Authentication Package
Suspicious Windows Authentication Registry Modification.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Authentication Package
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
2Authentication Package
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1