Resubmissions

26-11-2024 05:37

241126-gbb9latlhp 8

26-11-2024 05:34

241126-f9mbsatlcr 3

26-11-2024 05:28

241126-f6dkgatkbq 5

26-11-2024 05:19

241126-fzwsgasqhk 3

26-11-2024 05:16

241126-fx7ryswnbv 4

26-11-2024 05:10

241126-ft7b1sspaq 3

26-11-2024 05:10

241126-ft1jgawlg1 3

26-11-2024 05:09

241126-ftmbvasngr 3

26-11-2024 05:06

241126-frdxpasmhk 4

Analysis

  • max time kernel
    290s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26-11-2024 05:10

General

  • Target

    sample.js

  • Size

    66KB

  • MD5

    871ec2c9c1f5fb35e9aeccc269714074

  • SHA1

    1e74f1f8acb9dd1248996fda1b68a5a970a1ca83

  • SHA256

    5a2775ce2aae72216b9aca4ab5c16fcb097f23c8d0f1698f68585ff2db64a677

  • SHA512

    e56a0e5aa5614a22d0f859098410accb0c1d44fab50b9e47396dd7c36c7e1938a636643c4ab1ca99a89aafbb9931fc7f085dacee03ed019eb7eb52d0ad6926d9

  • SSDEEP

    1536:U69UFLCCwNieoupehNFZuSuWtWWxSRoH1rjWAkSSpcEqN2RI6ZsnJVr+5va0Ym6C:T9UFLhwjLRoH1rjWAkSSpcEqN2RI6Zsm

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
    1⤵
      PID:2068
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3124
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        1⤵
          PID:4120

        Network

        • flag-us
          DNS
          104.219.191.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          104.219.191.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          69.31.126.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          69.31.126.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          232.168.11.51.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          232.168.11.51.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          50.23.12.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          50.23.12.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          198.187.3.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          198.187.3.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          88.210.23.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          88.210.23.2.in-addr.arpa
          IN PTR
          Response
          88.210.23.2.in-addr.arpa
          IN PTR
          a2-23-210-88.deploy.static.akamaitechnologies.com
        No results found
        • 8.8.8.8:53
          104.219.191.52.in-addr.arpa
          dns
          73 B
          147 B
          1
          1

          DNS Request

          104.219.191.52.in-addr.arpa

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          69.31.126.40.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          69.31.126.40.in-addr.arpa

        • 8.8.8.8:53
          232.168.11.51.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          232.168.11.51.in-addr.arpa

        • 8.8.8.8:53
          50.23.12.20.in-addr.arpa
          dns
          70 B
          156 B
          1
          1

          DNS Request

          50.23.12.20.in-addr.arpa

        • 8.8.8.8:53
          198.187.3.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          198.187.3.20.in-addr.arpa

        • 8.8.8.8:53
          88.210.23.2.in-addr.arpa
          dns
          70 B
          133 B
          1
          1

          DNS Request

          88.210.23.2.in-addr.arpa

        MITRE ATT&CK Enterprise v15


        Downloads
