Analysis
-
max time kernel
144s -
max time network
147s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
13-01-2021 06:46
General
-
Target
SwiftCopies.js
-
Size
249KB
-
MD5
c64283d97b88c7596e77dbe2cf07aa96
-
SHA1
adc39012adf334ae763bed7d3986b7c5488e610f
-
SHA256
99806dffcac81a0036f89ac02826ef83ab0c0affe42f9d3276c7a73416712e99
-
SHA512
e6f31cea207546b9bc8e04a86e17e6a3b1d7185fda4a0e1186c113e523109f83d55a6979996a9123e6b55c65755a760571c21808c8326d3bad288ba926d8552a
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 43 IoCs
-
Drops startup file 4 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\SwiftCopies.js1⤵
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sing.js"2⤵
- Blocklisted process makes network request
- Drops startup file
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
32b1accd6a263f1b850e52bffac047a5
SHA1f8be4389b327be9e742e618eceae6919e0144b2e
SHA25667be2d8895a4d7a72e14c45d127c4784be588eff872dc04cb055a6f3fb816a92
SHA512bee63cf8981e71d9005f9068a37438e16b8b8c0caa3603b50d5f41f2c9b86cacff362b34c6b3bb57da91e6ef883098a6a36e411db2f6b33bdcf35c61cddf3fee
-