Overview

overview

10

Static

static

1

Doc171836.js

windows7-x64

7

Doc171836.js

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-02-2025 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Doc171836.js

  • Size

    412KB

  • MD5

    da7ed43b68df0e3a40b48e1fbb8b539b

  • SHA1

    c53936f0811fe54dd3f57e525c1dd31f04bf249d

  • SHA256

    eb164525c66c559aec32c119a9e2fa54444caefcd32b944a12c459e80fd568c4

  • SHA512

    bcadaf98784a8ef2b5fef711cf2f6402a932e9241220fc337294aeeaa08e3be9d98545b30a286dac4a0fdf51a462b7ca6930e44341f92fdad8a8035015c1ff41

  • SSDEEP

    3072:D5RU5Rv5RjiL2wiL2niL2WGyTGyR3d54+e0ekewer:VRkRRRj2T2m23GyTGydXJ5S

Score
7/10
discoveryexecution

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Blocklisted process makes network request 5 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 9 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Doc171836.js
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1280
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Loads dropped DLL
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5CD7DBA453A0AAB67DA71CC26EE18942
      2⤵
      • Loads dropped DLL
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      PID:2440
    • C:\Users\Admin\AppData\Roaming\nvidia\NVIDIA Notification.exe
      "C:\Users\Admin\AppData\Roaming\nvidia\NVIDIA Notification.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f76f72e.rbs
    Filesize

    2KB

    MD5

    2df5b6fd7999cb04fec777db37892d50

    SHA1

    c3ce8b9def45d6456174e6c9258fa39507cbb1a1

    SHA256

    1536785c5b8be10067c58f68189d514080a4b18f1a9251613d6e569b27c63901

    SHA512

    bfd792637b6441f19533633a92e5ad996e764a77c6bf47fd865c55f3304715579605186def3dd761a86ea165cf601fa29b4b82b620359551cbb25c812330792b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a836103467018e917866a264cfbb3eab

    SHA1

    a2eae68a6dcf311389fb2831a7ab4c96cdc103f4

    SHA256

    cd81ddea1ea1588090c8e2bc241c3a5b3b86f3beac4d53bfb6ae59dc6dacb414

    SHA512

    459925c021b3cb5028a7b74a063524214a40d09dfa6c9251d35babd52d17422df9fd736c4193521cf8fd2aa24206c60127b9debff4bb11096741b7117e6f2528

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE42B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE4F8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\MSIDDF0.tmp
    Filesize

    4.6MB

    MD5

    27708977fc83f3b70177d6cf68900eba

    SHA1

    f679bb77e2876b17da2276017df6cf252aa5bd22

    SHA256

    ec3ca0877e599ae9c40cbcec51a9a4718114e33d9e2d9d8c72f5f24d7cebdcbf

    SHA512

    831ccd1e4fdda16ff7cd16096e3291b9fa986f814e56aec9d8d0c6a36ae402002940a9d9aa7c1c5c8cf1b8e65c2d9ee529956f9cae3832e513a37bff3839c8ac

    Download Submit

  • C:\Windows\Installer\MSIE7C3.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • C:\Windows\Installer\MSIE8FD.tmp
    Filesize

    355KB

    MD5

    cac65e61b287555ea0e2a7f1aa0645cc

    SHA1

    0c93bdbfddd7e00ec30c81dbff8f3a1bfaf62519

    SHA256

    57c0d90010d3a476770c8085d2641cbf234b0ca47ec687ca4aabbf4db92df737

    SHA512

    e80076eb7e632e40f8dcb013b854a5825e7a19dd451505aa121a47a110032a1c571cd6d9e3e5aeacdb8f5897cb17ece4e65846b5d9080605e81176fe0811456a

    Download Submit

  • \Users\Admin\AppData\Roaming\nvidia\NVIDIA Notification.exe
    Filesize

    3.2MB

    MD5

    07459a0b5f524ad62b5b5401133d4d55

    SHA1

    bcaec0c106f7f97c09618870e0d4868a156c93ec

    SHA256

    6c94c9d7e231523e06b41275ab208e42cdd39278f341123b066b05a0a6830e4d

    SHA512

    5133970b743eaa730e97baf9c4f52c05af469b880cd158900e62447daab45445112b41cc31c330fb90ee1e274d85e444ab86cfffc3e4fea7380d4217c446e9b5

    Download Submit

  • \Users\Admin\AppData\Roaming\nvidia\libcef.dll
    Filesize

    3.2MB

    MD5

    c6bb7631c35b6a8fc21077ca49aa8559

    SHA1

    240d2d8e8da0bba108ee831bcc7a17a92d190db2

    SHA256

    6b3854e74a1ec9a70f14d124c9ae8456129c0b5968f3781b95e430940c64fad4

    SHA512

    1cc5f67413727ea12b0ff0c26ef822fe689b15c674ee4bb03789b949879cfd0f84ad76bd8b93db53ef35160c751344134fc36d8bb3995be658ca7c268bdada72

    Download Submit

  • memory/2100-149-0x00000003A6450000-0x00000003A649B000-memory.dmp

    Filesize

    300KB

    Download