Malware Analysis Report

2024-12-07 16:16

Sample ID 241113-qbc1kascre
Target document-170032474.js
SHA256 d2f3c5515e6aaa2626744acdd021949eee6032c91b2c97c03c96f4bb84f9ec92
Tags
execution
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

d2f3c5515e6aaa2626744acdd021949eee6032c91b2c97c03c96f4bb84f9ec92

Threat Level: Likely benign

The file document-170032474.js was found to be: Likely benign.

Malicious Activity Summary

execution

Command and Scripting Interpreter: JavaScript

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 13:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 13:04

Reported

2024-11-13 13:06

Platform

win10ltsc2021-20241023-en

Max time kernel

61s

Max time network

63s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\document-170032474.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\document-170032474.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 asyc.shop udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp

Files

N/A