Overview

overview

10

Static

static

1

Zilcorp_PayCheck.js

windows7-x64

3

Zilcorp_PayCheck.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    18-06-2024 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Zilcorp_PayCheck.js

  • Size

    415KB

  • MD5

    b7bef63b1d36f38f696469ace03c61c4

  • SHA1

    6354ac040b6fda031ebf37e90eae9eb68b97bd94

  • SHA256

    201483f282a58582d9a11ac56491bd74bd25caa0635987297d6cc985f4078bea

  • SHA512

    a94833b8df108d34f39c87377ab0f46a81774056e40e45f34e504c25ed7e99e647a4622b30be7096e526e1a359a69c99261f69805cc7e956d8bc4f865a3ffd45

  • SSDEEP

    6144:XQ6gcED4sXas+CryilhnTUX5jcniqlSu+yxq3RKN24mR1V3JMV9DLC7:g688sXasSsUXiXEwgLcLC7

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Zilcorp_PayCheck.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ezvkhwvuj.txt"
      2⤵
        PID:2172

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Command and Scripting Interpreter

    1
    T1059

    JavaScript

    1
    T1059.007

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\ezvkhwvuj.txt
      Filesize

      202KB

      MD5

      4c6cadc27c84e3c1cc0e0a02eedf70b4

      SHA1

      6744f248d56276d11eb2a4b72e0bf83b56088510

      SHA256

      ea567fa68562fae02b4ca07fb22a4aab17a2970b2083c4fe65a5bad3a9324dd4

      SHA512

      f14f1ef647b573fa016b5fb84130a18018814a00c31ce9f48dc2e701cbd693ca1655f2d76905f3cd89cdf84927708c5abefc58561991701e8028da0f927a6be3

      Download Submit
    • memory/2172-4-0x0000000002550000-0x00000000027C0000-memory.dmp
      Filesize

      2.4MB

      Download
    • memory/2172-12-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-19-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-27-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-30-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-36-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-42-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-48-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-50-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-54-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-96-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-104-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2172-234-0x0000000002550000-0x00000000027C0000-memory.dmp
      Filesize

      2.4MB

      Download