Analysis Overview
SHA256
630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc
Threat Level: Known bad
The file 630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc was found to be: Known bad.
Malicious Activity Summary
Masslogger family
ModiLoader Second Stage
Modiloader family
Xmrig family
Zeppelin family
Detected Mount Locker ransomware
Detects Zeppelin payload
XMRig Miner payload
MassLogger log file
Mountlocker family
Command and Scripting Interpreter: JavaScript
All of the family and payload signatures above were raised by the static analysis (static1); the behavioral detonation (behavioral1) triggered only the JavaScript interpreter signature. Static matches for five unrelated families on a single .js file should be treated as leads to confirm against the sample, not as a settled classification.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-19 19:15
Signatures
| Signature | Description | Indicator | Process | Target |
| Detected Mount Locker ransomware | N/A | N/A | N/A | N/A |
| Detects Zeppelin payload | N/A | N/A | N/A | N/A |
| MassLogger log file | N/A | N/A | N/A | N/A |
| ModiLoader Second Stage | N/A | N/A | N/A | N/A |
| XMRig Miner payload | N/A | N/A | N/A | N/A |
Family tags with no detail rows reported: Masslogger family, Modiloader family, Mountlocker family, Xmrig family, Zeppelin family
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-19 19:15
Reported
2024-12-20 03:56
Platform
win11-20241007-en
Max time kernel
435s
Max time network
1164s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc.js
Network
| Country | Destination | Domain (query name) | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
The only network activity recorded is a reverse-DNS (PTR) query to Google's public resolver for 23.236.111.52.in-addr.arpa, the PTR name for the address 52.111.236.23. No connection to that address or to any other host was observed during the run.
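The behavioral run above shows the classic pattern behind the "Command and Scripting Interpreter: JavaScript" signature: wscript.exe launching a .js file from a user-writable temp directory. The following is an added example of detection logic for that pattern, written for this page and not part of the sandbox's own signatures. It runs over constructed, flattened process-creation events modelled on Sysmon Event ID 1 fields (Image, CommandLine, ParentImage); only the first sample line reproduces the command line recorded in behavioral1, the rest are made-up positives and negatives. The field format, directory list and severity scoring are assumptions for illustration.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Windows Script Host binaries that execute .js/.vbs style scripts.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Script extensions WSH will run, mapped to the ATT&CK sub-technique ID.
# .wsf/.wsh can wrap either language, so they get the parent technique.
SCRIPT_EXTENSIONS = {
    ".js": "T1059.007", ".jse": "T1059.007",
    ".vbs": "T1059.005", ".vbe": "T1059.005",
    ".wsf": "T1059", ".wsh": "T1059",
}

# Parent processes that should rarely launch a script host directly (assumed list).
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}

# Directories an unprivileged user (or a mail/browser download) can write to.
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData\\(?:Local|Roaming)|Downloads|Desktop)"
    r"|Users\\Public|Windows\\Temp|ProgramData)\\",
    re.IGNORECASE,
)

# First drive-letter path in the command line that ends in a script extension.
SCRIPT_PATH = re.compile(
    r'([A-Za-z]:\\[^"|]*?\.(?:jse|js|vbe|vbs|wsf|wsh))\b', re.IGNORECASE
)

# Constructed sample events in a flattened "Key=Value|Key=Value" form. Only the
# first line reproduces the command line from the behavioral1 run above.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\system32\wscript.exe"
    r"|CommandLine=wscript.exe C:\Users\Admin\AppData\Local\Temp\630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc.js"
    r"|ParentImage=C:\Windows\explorer.exe",
    r"Image=C:\Windows\system32\cscript.exe"
    r"|CommandLine=cscript.exe //nologo C:\Program Files\Vendor\install.vbs"
    r"|ParentImage=C:\Program Files\Vendor\setup.exe",
    r"Image=C:\Windows\system32\wscript.exe"
    r"|CommandLine=wscript.exe C:\Users\Admin\Downloads\invoice.jse"
    r"|ParentImage=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
    r"Image=C:\Windows\system32\notepad.exe"
    r"|CommandLine=notepad.exe C:\Users\Admin\AppData\Local\Temp\notes.txt"
    r"|ParentImage=C:\Windows\explorer.exe",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a flattened event line into a field dictionary."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def evaluate(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding for a script-host execution, or None if not a script host."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image not in SCRIPT_HOSTS:
        return None
    match = SCRIPT_PATH.search(event.get("CommandLine", ""))
    if not match:
        return None  # script host without a script argument: not scored here
    script = match.group(1)
    ext = ntpath.splitext(script)[1].lower()
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    staged_in_user_dir = bool(USER_WRITABLE.search(script))
    office_spawned = parent in OFFICE_PARENTS
    # Either indicator alone is enough for a high-severity alert: a script run
    # from a temp/download path, or a script host started by an Office process.
    severity = "high" if (staged_in_user_dir or office_spawned) else "low"
    return {
        "host": image,
        "script": script,
        "technique": SCRIPT_EXTENSIONS.get(ext, "T1059"),
        "parent": parent,
        "staged_in_user_dir": staged_in_user_dir,
        "office_spawned": office_spawned,
        "severity": severity,
    }


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run the detector over a batch of event lines and return the findings."""
    findings = []
    for line in lines:
        finding = evaluate(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['technique']} {f['host']} -> {f['script']} (parent: {f['parent']})")
```

The sandbox's sample is flagged high because the .js lives under AppData\Local\Temp, which matches what the report's Processes section shows; a vendor installer running a .vbs from Program Files scores low, so the rule separates the two on path and parent rather than on the script host alone.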