639a17eed5125ced4bd08a468204732fa2d37d42d3a47465d22f3afe45b7c7a1 | Triage

Resubmissions

21/11/2024, 02:56 UTC

241121-dfcjdaxfnb 8

21/11/2024, 02:55 UTC

241121-destzaxfme 1

21/11/2024, 02:39 UTC

241121-c5hagsxenf 3

21/11/2024, 02:38 UTC

241121-c42yhaxrfv 3

21/11/2024, 02:35 UTC

241121-c3gwyasncl 3

21/11/2024, 02:23 UTC

241121-cvcl9axqh1 3

21/11/2024, 02:17 UTC

241121-cq22caxqgz 3

Analysis

max time kernel
67s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21/11/2024, 02:23 UTC

Sharing

Report Analysis Logs

General

Target

du-store-main/backend/controller/cart.js
Size

2KB
MD5

08ecc9990eda6b24e693700b9974bbc5
SHA1

dc2bdc0ccc3730236905fdc70fefc87da1c07336
SHA256

b5c764a7d1bba16cfc74645ce0362e70d681f6c30808320e6894b7dfe94e48fa
SHA512

df84cadcf0012b7e98c8a95a6a428ab4ecdb90e559e517ffe32cf0c34a1038d2ef27d14dfbf345b73635576730cc4e4866f3fa9f91ec12bfde376591391ebe4f

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\du-store-main\backend\controller\cart.js
1⤵
PID:2408

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.68

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.134

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.17

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.140

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.22

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.74

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.20

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.72
DNS

219.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.143.101.95.in-addr.arpa

IN PTR

Response

219.143.101.95.in-addr.arpa

IN PTR

a95-101-143-219deploystaticakamaitechnologiescom
DNS

browser.pipe.aria.microsoft.com

Remote address:

8.8.8.8:53

Request

browser.pipe.aria.microsoft.com

IN A

Response

browser.pipe.aria.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprduks04.uksouth.cloudapp.azure.com

onedscolprduks04.uksouth.cloudapp.azure.com

IN A

51.104.15.253
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response

2.18.66.41:443

www.bing.com

tls

24.5kB
90.5kB
115
103
95.101.143.219:443

r.bing.com

tls

1.2kB
5.3kB
16
14
95.101.143.219:443

r.bing.com

tls

1.2kB
5.3kB
16
14
95.101.143.219:443

r.bing.com

tls

1.2kB
5.3kB
16
14
95.101.143.219:443

r.bing.com

tls

72.8kB
1.9MB
1420
1380
95.101.143.219:443

r.bing.com

tls

1.2kB
5.3kB
16
14
95.101.143.219:443

r.bing.com

tls

1.2kB
5.3kB
16
14
51.104.15.253:443

browser.pipe.aria.microsoft.com

tls

3.2kB
7.5kB
19
14

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

126 B
428 B
2
2

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

login.live.com

DNS Response

40.126.32.68

40.126.32.134

20.190.160.17

40.126.32.140

20.190.160.22

40.126.32.74

20.190.160.20

40.126.32.72
8.8.8.8:53

219.143.101.95.in-addr.arpa

dns

150 B
338 B
2
2

DNS Request

219.143.101.95.in-addr.arpa

DNS Request

browser.pipe.aria.microsoft.com

DNS Response

51.104.15.253
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

144 B
301 B
2
2

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

68.32.126.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads