b17737a19e78307ea11a7f3764b51365df6e73102a8716c3207a1306c41eb1c0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-02-2025 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Платіжне доручення_496/Платіжне доручення_496.js
Size

442KB
MD5

ef74d082583d313298680a756f0d82d8
SHA1

0dbeb317d8b00cb74137ef69d5f99b71b01fc333
SHA256

327d738d22e9d8e0a40761521c507d3ca9d92128031ff82503b34c0a86f64f76
SHA512

65f7169362aa63ffe708301735878e1b1cb2c4ea12fbfec7408e659787388125b06d861554e7a0b7af339ed4d0ed018fd6c44eb55c4643da4b2c1c90dc6340f0
SSDEEP

12288:sWAmOGMiKvfXXr8D4/I+cvNN6Sf+GaLC1iXg5Xjd2qOWSlFq6c:uAMiKvfX79uiC1iXg5XXSlC

Score

8^/10

execution persistence

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
5	2340	wscript.exe
6	2340	wscript.exe
7	2340	wscript.exe
8	2340	wscript.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\ = "C:\\ProgramData\\s3d37yg\\client32.exe"	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Платіжне доручення_496\Платіжне доручення_496.js"
1⤵
- Blocklisted process makes network request
- Adds Run key to start application
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads