ac994f567908f4a9dae681fbe4d4613753d161855a7bd2cd31397b038b90726a

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7debb28e4cb5808148ee09ea605aada5964208d031bdd9d05277408e85f3103.js
Size

4.1MB
MD5

40952de7adcb0e98c28a63eaa7bf7a0e
SHA1

eb1c4358d2851f7499360f3a8e274de3f35dd828
SHA256

f7debb28e4cb5808148ee09ea605aada5964208d031bdd9d05277408e85f3103
SHA512

a3efea122f7e072ac70c2303adea37de2fc21626fa030687b3b7da424f7581ce4ab2f5fea5a6094d191d67bc55d99ccd14ebf0e55fa8697b5e005b783ac6995a
SSDEEP

49152:Nsz6FvpOiHY7sz6FvpOiHYH9qZKpKmKZK7K6wTiAmMOsyzCu9C0W0w0i0GpMxkS7:N0WQ0Wq

Score

8^/10

execution persistence

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
11	3296	wscript.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "C:\\ProgramData\\g9keufr\\client32.exe"	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\f7debb28e4cb5808148ee09ea605aada5964208d031bdd9d05277408e85f3103.js
1⤵
- Blocklisted process makes network request
- Adds Run key to start application
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads