Resubmissions
26-11-2024 05:37
241126-gbb9latlhp 826-11-2024 05:34
241126-f9mbsatlcr 326-11-2024 05:28
241126-f6dkgatkbq 526-11-2024 05:19
241126-fzwsgasqhk 326-11-2024 05:16
241126-fx7ryswnbv 426-11-2024 05:10
241126-ft7b1sspaq 326-11-2024 05:10
241126-ft1jgawlg1 326-11-2024 05:09
241126-ftmbvasngr 326-11-2024 05:06
241126-frdxpasmhk 4Analysis
-
max time kernel
290s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
26-11-2024 05:10
Static task
static1
Behavioral task
behavioral1
Sample
sample.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
sample.js
Resource
win10v2004-20241007-en
General
-
Target
sample.js
-
Size
66KB
-
MD5
871ec2c9c1f5fb35e9aeccc269714074
-
SHA1
1e74f1f8acb9dd1248996fda1b68a5a970a1ca83
-
SHA256
5a2775ce2aae72216b9aca4ab5c16fcb097f23c8d0f1698f68585ff2db64a677
-
SHA512
e56a0e5aa5614a22d0f859098410accb0c1d44fab50b9e47396dd7c36c7e1938a636643c4ab1ca99a89aafbb9931fc7f085dacee03ed019eb7eb52d0ad6926d9
-
SSDEEP
1536:U69UFLCCwNieoupehNFZuSuWtWWxSRoH1rjWAkSSpcEqN2RI6ZsnJVr+5va0Ym6C:T9UFLhwjLRoH1rjWAkSSpcEqN2RI6Zsm
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js1⤵PID:2068
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3124
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵PID:4120
Network
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request69.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.210.23.2.in-addr.arpaIN PTRResponse88.210.23.2.in-addr.arpaIN PTRa2-23-210-88deploystaticakamaitechnologiescom
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
69.31.126.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
232.168.11.51.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
88.210.23.2.in-addr.arpa