a6fc2e334541ffe6b0aba132b098a1b05c96dc064a00918575726c0233e7ea57 | Triage

Analysis

max time kernel
142s
max time network
150s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 06:51

Sharing

Report Analysis Logs

General

Target

POrder.js
Size

28KB
MD5

be51f0be7f09810371f295b5107e761a
SHA1

c682dc23529552a71bf8f170204a1b44d25246e7
SHA256

a6fc2e334541ffe6b0aba132b098a1b05c96dc064a00918575726c0233e7ea57
SHA512

da69f1c7703f82a33c7d7babed569634ec72428a63df140c3ab0abeb42e7f7597167966c41a18ba235c7a4fb5f6624f4fbd6a135532e3eca162932ed712eb370

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 15 IoCs

Processes:

wscript.exe

flow	pid	process
8	640	wscript.exe
10	640	wscript.exe
12	640	wscript.exe
16	640	wscript.exe
23	640	wscript.exe
24	640	wscript.exe
25	640	wscript.exe
26	640	wscript.exe
30	640	wscript.exe
31	640	wscript.exe
32	640	wscript.exe
33	640	wscript.exe
34	640	wscript.exe
35	640	wscript.exe
36	640	wscript.exe

Drops startup file 1 IoCs

Processes:

wscript.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POrder.js wscript.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\POrder.js
1⤵
- Blocklisted process makes network request
- Drops startup file
PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-2-0x0000027422C10000-0x0000027422C14000-memory.dmp

Filesize
16KB

Download