Overview

overview

10

Static

static

1

1cef3a6382...858.js

windows7-x64

3

1cef3a6382...858.js

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2024 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858.js

  • Size

    731KB

  • MD5

    c3e39b8ea6a8813ffb4001cbd044a027

  • SHA1

    36dc1ec5510e2531b23931b317e25ae2240df789

  • SHA256

    1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858

  • SHA512

    b61d5c9935f383334a33dc713bcf7c3ede9cda7f21766c9f06da3bd07dd874115c18fc6d58cbd3f20b99297c4a9017eb5b998db60f437a2d42fe1756f490e1f6

  • SSDEEP

    6144:eQoo+DmkAh/CyDJuTg0lFPmx61HCLu+yHsWsLy+HiuNHW2Z5nJRU/pqFvVu77HEa:1+

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hibqjpt.txt"
      2⤵
        PID:2536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\hibqjpt.txt
      Filesize

      92KB

      MD5

      2543beb989715570292d7263b60bab1a

      SHA1

      ebb68838c9ce8f235349c2616bdd65f294b271ee

      SHA256

      3ec814fcff2491c0863b5d5e5e26af3799bae70bc7fa4768cb5fbac74f0e0cab

      SHA512

      c47b6f843bcc4906b03e011b0405b4bfb3bb65422e14fd6dd8bc7bc4975e055d5e93a3562c0031dcb065649d82b8e5ca30cf1279044bea572eb5c9ee30a264db

      Download Submit

    • memory/2536-4-0x0000000002660000-0x00000000028D0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2536-12-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-19-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-26-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-30-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-31-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-40-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-41-0x0000000002660000-0x00000000028D0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2536-44-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-46-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-48-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-79-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-86-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-88-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-93-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-91-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2536-90-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download