c1fc5546843864a8d825b8d1bc19682e40d9d2755486397f4336d3d56a8e2f2f | Triage

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2025, 21:42 UTC

Sharing

Report Analysis Logs

General

Target

scripts/config.js
Size

220KB
MD5

96c673c9e9dedefec5fd5e27284e4f29
SHA1

1b5865f8998749a1fd61f62e6357d19dedcc9a2c
SHA256

d92b9e01e24935e1cc6144734c0b39379edef1e3c06aedbd547dc304e7334d77
SHA512

4ac805e8528f1003911960ce317150d186022a30dc31c479a54e1f6adbbf9cbce882da4b46f8cf0991c9e07fb4239f970d07c1538e4d16c79b560b5b272e5b83
SSDEEP

3072:ubmjIIxdmqlnRf1/QyZs2WWwjojiS06SK9J8Iq8jltsBo0FXnihq/+43j:uBCdFllFLsSok9Jg4lutNb+4T

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\scripts\config.js
1⤵
PID:4656

Network

DNS

180.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.129.81.91.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

212.20.149.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.20.149.52.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

85.49.80.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.49.80.91.in-addr.arpa

IN PTR

Response
DNS

60.153.16.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.153.16.2.in-addr.arpa

IN PTR

Response

60.153.16.2.in-addr.arpa

IN PTR

a2-16-153-60deploystaticakamaitechnologiescom
DNS

8.153.16.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.153.16.2.in-addr.arpa

IN PTR

Response

8.153.16.2.in-addr.arpa

IN PTR

a2-16-153-8deploystaticakamaitechnologiescom

No results found

8.8.8.8:53

180.129.81.91.in-addr.arpa

dns

72 B
147 B
1
1

DNS Request

180.129.81.91.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

212.20.149.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

212.20.149.52.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

85.49.80.91.in-addr.arpa

dns

70 B
145 B
1
1

DNS Request

85.49.80.91.in-addr.arpa
8.8.8.8:53

60.153.16.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

60.153.16.2.in-addr.arpa
8.8.8.8:53

8.153.16.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

8.153.16.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads